Lucene search
K

43 matches found

Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-45900

Name of the Vulnerable Software and Affected Versions Laravel affected versions not specified Description A CRLF injection flaw allows for mail relay abuse, email hijacking, and header abuse. CRLF injection occurs when an attacker inserts Carriage Return CR and Line Feed LF characters into an inp...

5.8AI score0.00048EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/27 8:45 a.m.6 views

EUVD-2026-25804

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 5:45 a.m.7 views

EUVD-2026-25780

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the fact that restrictions were only applied to...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/25 3:41 a.m.4 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5userid + createdat + APPKEY. This token is static never expires/rotates, and if an attacker obtains...

9.8CVSS5.7AI score0.00668EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2025/12/30 4:31 a.m.452 views

Exploit for Improper Neutralization of Wildcards or Matching Symbols in Laravel Framework

CVE-2025-27515 Proof of Concept A practical demonstration of...

9.8CVSS7.2AI score0.00685EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2223

Malware in sbrugna...

9.8CVSS9.2AI score0.01478EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1860

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00895EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-35104

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00672EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-35117

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00578EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-5147

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00959EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52602

Malicious code in bioql PyPI...

9.8CVSS6.6AI score
Exploits1
CVE
CVE
added 2025/07/01 2:49 p.m.44 views

CVE-2025-34060

CVE-2025-34060 describes a PHP object/objection injection in Monero Project’s Laravel-based forum software via the /get/image/ endpoint. The app passes a user-supplied link parameter directly to file_get_contents() without validation; MIME-type checks via finfo can be bypassed with crafted stream...

10CVSS7.5AI score0.00689EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-52301

Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7,...

8.7CVSS5.8AI score0.37981EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:42 a.m.4 views

CVE-2024-40075

Laravel v11.x was discovered to contain an XML External Entity XXE vulnerability...

4.3CVSS7.4AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:36 a.m.8 views

CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

5.3CVSS7.2AI score0.00881EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.9 views

CVE-2022-24784

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

4.3CVSS6.9AI score0.00994EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.6 views

CVE-2021-43808

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting XSS vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is...

6.1CVSS5AI score0.00799EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.4 views

CVE-2021-21263

Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...

7.2CVSS6.6AI score0.01605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:32 p.m.6 views

CVE-2020-24941

An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...

7.5CVSS6.8AI score0.0109EPSS
Exploits0
Rows per page
Query Builder