Lucene search
K

150 matches found

EUVD
EUVD
β€’added 2026/06/23 10:16 p.m.β€’10 views

EUVD-2026-38394

Filament: Unauthenticated temporary file upload on auth pages...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/23 9:54 p.m.β€’11 views

EUVD-2026-38393

Filament: Timing-based user enumeration on login page...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References2
NVD
NVD
β€’added 2026/06/22 10:16 p.m.β€’11 views

CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS0.00168EPSS
Exploits0References1
NVD
NVD
β€’added 2026/06/22 10:16 p.m.β€’9 views

CVE-2026-48500

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...

6.5CVSS0.00207EPSS
Exploits0References1
NVD
NVD
β€’added 2026/06/22 10:16 p.m.β€’8 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS0.0021EPSS
Exploits0References1
NVD
NVD
β€’added 2026/06/22 10:16 p.m.β€’10 views

CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...

6.4CVSS0.00148EPSS
Exploits0References1
NVD
NVD
β€’added 2026/06/22 10:16 p.m.β€’7 views

CVE-2026-48067

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachActio...

6.5CVSS0.00178EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/22 9:47 p.m.β€’2 views

CVE-2026-55409 Filament: Disabled RichEditor field state can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS6AI score0.00168EPSS
Exploits0References3
CVE
CVE
β€’added 2026/06/22 9:47 p.m.β€’34 views

CVE-2026-55409

Filament (Laravel) v3 contains a vulnerability where a disabled RichEditor field renders its raw HTML state without sanitization. If the form state data isn’t sanitized when populated, an attacker could inject malicious HTML/JavaScript, causing XSS to execute for users viewing the form. Affected ...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
β€’added 2026/06/22 9:47 p.m.β€’25 views

CVE-2026-55409 Filament: Disabled RichEditor field state can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
β€’added 2026/06/22 9:47 p.m.β€’6 views

CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
OSV
OSV
β€’added 2026/06/22 9:46 p.m.β€’4 views

CVE-2026-48067 Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachActio...

6.5CVSS5.9AI score0.00178EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
β€’added 2026/06/22 9:46 p.m.β€’6 views

CVE-2026-48067

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachActio...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
β€’added 2026/06/22 9:46 p.m.β€’25 views

CVE-2026-48067 Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields

Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachActio...

6.5CVSS0.00178EPSS
Exploits0References1
CVE
CVE
β€’added 2026/06/22 9:46 p.m.β€’28 views

CVE-2026-48067

CVE-2026-48067 affects Filament components where the recordSelectOptionsQuery() used to scope options in AttachAction and AssociateAction Select fields did not apply the same scope in validation. From filament/actions 4.0.0–4.11.4 and 5.6.4, and filament/tables 3.0.0–3.3.51, an attacker could tri...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
β€’added 2026/06/22 9:43 p.m.β€’5 views

CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References2Affected Software1
CVE
CVE
β€’added 2026/06/22 9:43 p.m.β€’33 views

CVE-2026-48167

CVE-2026-48167 (Filament) affects the ImageColumn and ImageEntry components of Filament (Laravel ecosystem). From versions 4.0.0 through 4.11.5 and 5.6.5, these components render raw database values without HTML escaping, enabling stored XSS if unvalidated data is passed. The vulnerability impact...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/22 9:43 p.m.β€’3 views

CVE-2026-48167 Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...

6.4CVSS6.6AI score0.00148EPSS
Exploits0References3
Cvelist
Cvelist
β€’added 2026/06/22 9:43 p.m.β€’25 views

CVE-2026-48167 Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...

6.4CVSS0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
β€’added 2026/06/22 9:41 p.m.β€’6 views

CVE-2026-48500

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...

6.5CVSS6AI score0.00207EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder