Lucene search
K

143 matches found

CVE
CVE
added 2026/06/22 9:40 p.m.21 views

CVE-2026-48166

CVE-2026-48166 — Filament timing-based user enumeration on login page . Affects Filament login page in versions 4.0.0–4.11.5 and 5.6.5 of Filament (Laravel component library). An observable timing discrepancy on login allows unauthenticated attackers to determine whether a given email is register...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:39 p.m.24 views

CVE-2026-48505 Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...

7.4CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:39 p.m.24 views

CVE-2026-48505

Filament’s MFA recovery-code handling (versions 4.0.0–4.11.5 and 5.6.5) allows the same recovery code to be reused under concurrent submissions. When recovery codes are enabled, an attacker with the user’s password and codes can establish multiple authenticated sessions per code, extending access...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51387

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions 5.0.0 through 5.6.4 Description The login page contains a timing discrepancy that enables unauthenticated attackers to perform email enumeration. This allows an attacker to determine if ...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51388

Name of the Vulnerable Software and Affected Versions Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description The ImageColumn and ImageEntry components render raw database values without escaping HTML. If the data passed to these components is not validated, an attacker can...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51389

Name of the Vulnerable Software and Affected Versions Filament versions prior to 3.3.52 Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description Filament applies Livewire's WithFileUploads trait to components where schemas may contain file upload fields. Certain schemas, suc...

6.5CVSS6AI score0.00207EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/17 6:41 p.m.12 views

Filament: Disabled RichEditor field state can be used for XSS

In Filament v3, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the...

7.6CVSS5.2AI score0.00168EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50597

Name of the Vulnerable Software and Affected Versions Filament versions 3.0.0 through 3.3.52 Description A disabled RichEditor field renders its raw state without sanitizing HTML. If the data stored in the field's state was not previously sanitized when the form state was filled, an attacker can...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 8:26 p.m.8 views

GHSA-7Q3W-XQJW-G3CR Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields

The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...

6.5CVSS5.4AI score0.00178EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/11 8:26 p.m.10 views

Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields

The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...

6.5CVSS5.4AI score0.00178EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that multiple Filament operations listed in administrator order details and order shipping tables...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.5 views

CVE-2026-33080

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 9:16 a.m.5 views

CVE-2026-33080

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS0.00296EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:58 a.m.2 views

CVE-2026-33080

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:58 a.m.23 views

CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS0.00296EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 8:58 a.m.26 views

CVE-2026-33080

Filament (Laravel) has a stored XSS risk in the Table summarizers Range and Values. Affected versions: 4.0.0–4.8.4 and 5.0.0–5.3.4 render raw database values without escaping HTML, enabling malicious HTML/JavaScript in unvalidated data shown by those summarizers. Remediation: upgrade to 4.8.5 or ...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 8:58 a.m.4 views

CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 8:58 a.m.3 views

CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

Filament 安全漏洞

Filament is a set of open-source full-stack components developed by Filament, designed to accelerate Laravel development. Versions 4.0.0 to 4.8.4, as well as 5.0.0 to 5.3.4, have security vulnerabilities. These vulnerabilities stem from two Filament Table summarizers not being escaped HTML...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 8:7 p.m.2 views

GHSA-VV3X-J2X5-36JC Filament Unvalidated Range and Values summarizer values can be used for XSS

Two Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with...

7.3CVSS5.5AI score0.00296EPSS
Exploits0References6
Rows per page
Query Builder