Lucene search
K

153 matches found

Cvelist
Cvelist
added 2026/05/29 6:0 p.m.34 views

CVE-2026-47742 Shopper: Missing authorization on Product admin Livewire sub-form components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:0 p.m.15 views

CVE-2026-47742

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/29 6:0 p.m.18 views

CVE-2026-47742

Affected software: Shopper: Headless e-commerce Admin Panel. Vulnerability summary: Before version 2.8.0, sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) lacked authorization on their store() method. This allowed any authenticated panel user, regard...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the Livewire component in the product editor, which lacked authorization for the store method. Any...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44943

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Sub-form Livewire components within the product editor—specifically those handling Edit, Inventory, Seo, Shipping, and Files—lack authorization on their store method. This allows any authenticated...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/18 4:34 p.m.23 views

shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/18 4:34 p.m.4 views

GHSA-F946-9QP6-VGCH shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/05/11 3:11 p.m.174 views

Exploit for Code Injection in Laravel Livewire

No d...

9.8CVSS5.8AI score0.95376EPSS
Exploits5
Snyk
Snyk
added 2026/05/04 10:11 p.m.7 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the updatedAttachments process. An attacker can upload arbitrary files by submitting crafted files through the upload interface, which may result in the execution of malicious scripts, phishing page hosting, or...

7.1CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/05/04 10:11 p.m.6 views

GHSA-GXXH-8VCJ-W2MH livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler

Impact All versions of mckenziearts/livewire-markdown-editor prior to v1.3 contain a critical arbitrary file upload vulnerability in the MarkdownEditor::updatedAttachments Livewire handler. The handler calls $file-store with no server-side validation of MIME type, extension, or file content. Any...

7.1CVSS6AI score
Exploits0References4
The Hacker News
The Hacker News
added 2026/03/21 8:25 a.m.16 views

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities KEV catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under...

10CVSS7.5AI score0.99803EPSS
Exploits21
CISA
CISA
added 2026/03/20 12:0 p.m.9 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-31277link is external Apple Multiple Products Buffer Overflow Vulnerability CVE-2025-32432link is external Craft CMS Code Injection Vulnerability...

10CVSS5.7AI score0.99803EPSS
In wildExploits21References10
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/20 12:0 a.m.15 views

Laravel Livewire Code Injection Vulnerability

Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios...

9.8CVSS6.1AI score0.95376EPSS
In wildExploits5
VulnCheck KEV
VulnCheck KEV
added 2026/02/17 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.8CVSS5.9AI score0.95376EPSS
In wildExploits5References58
GithubExploit
GithubExploit
added 2026/01/20 2:10 p.m.279 views

Exploit for Code Injection in Laravel Livewire

CVE-2025-54068 A tool designed to exploit CVE-2025-54068 and...

9.8CVSS6.2AI score0.95376EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/01/17 1:18 p.m.10 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS7.1AI score0.00571EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/16 3:31 p.m.17 views

Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS5.3AI score0.00571EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/16 3:31 p.m.7 views

GHSA-9G95-48C6-R778 Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

7.5CVSS5.3AI score0.00571EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/16 1:53 p.m.11 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

9.8CVSS6.6AI score0.00571EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 1:16 p.m.9 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS0.00571EPSS
Exploits0References3
Rows per page
Query Builder