157 matches found

ATTACKERKB
added 2026/05/29 7:48 p.m., 5 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

CVSS 4.3, AI score 5.8, EPSS 0.00029
Exploits 0, References 2, Affected Software 1

CVE
added 2026/05/29 6:30 p.m., 30 views

CVE-2026-48555

Spatie Laravel Media Library (≤11.22.x) is affected by an SSRF in addMediaFromUrl() used by InteractsWithMedia.php, allowing a remote attacker to induce the server to make arbitrary outbound HTTP requests by providing user-controlled URLs. Impact aligns with CVSS: Network, with low to moderate co...

CVSS 7.4, AI score 6, EPSS 0.00103
Exploits 0, References 4

CNNVD
added 2026/05/09 12:0 a.m., 4 views

phpVMS 8 access control error vulnerability

phpVMS 8 is an open-source aviation simulation and flight management application based on Laravel. Prior to version 7.0.6 of phpVMS, there was an access control vulnerability that stemmed from allowing unauthorized access to the legacy import feature...

CVSS 9.4, AI score 5.8, EPSS 0.02105
Exploits 1, References 2

Cvelist
added 2026/04/27 5:45 a.m., 20 views

CVE-2026-7092 code-projects Invoice System in Laravel Profile profile improper authorization

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

CVSS 6.5, EPSS 0.00046
Exploits 0, References 5

Cvelist
added 2026/03/31 9:28 p.m., 20 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

CVSS 5.4, EPSS 0.00098
Exploits 1, References 3

Cvelist
added 2026/03/26 9:54 p.m., 18 views

CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS 8.8, EPSS 0.00031
Exploits 0, References 2

ATTACKERKB
added 2026/03/19 9:35 p.m., 1 views

CVE-2026-32754

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered...

CVSS 9.3, AI score 5.9, EPSS 0.00092
Exploits 1, References 4, Affected Software 1

Cvelist
added 2026/03/03 10:59 p.m., 20 views

CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by uploading a maliciou...

CVSS 10, EPSS 0.16216
Exploits 3, References 2

ATTACKERKB
added 2026/02/25 3:41 a.m., 3 views

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS 9.8, AI score 5.7, EPSS 0.17266
Exploits 4, References 4, Affected Software 1

RedhatCVE
added 2026/01/17 1:18 p.m., 9 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8, AI score 7.1, EPSS 0.00018
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:25 a.m., 7 views

CVE-2021-28254

A deserialization vulnerability in the destruct function of Laravel v8.5.9 allows attackers to execute arbitrary commands...

CVSS 9.8, AI score 7.5, EPSS 0.01286
Exploits 1, References 1

GithubExploit
added 2025/12/29 3:51 a.m., 217 views

Exploit for Deserialization of Untrusted Data in Laravel

CVE-2018-15133 - Laravel Framework 5.6.x Vulnerable Lab Thi...

CVSS 8.1, AI score 7, EPSS 0.84447
Exploits 11

EUVD
added 2025/11/13 4:32 p.m., 2 views

EUVD-2025-175332

A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the argument lng/lat leads to sql injection. The attack may be performed from...

CVSS 7.5, AI score 7.1, EPSS 0.00034
Exploits 0, References 6

Positive Technologies
added 2025/10/28 12:0 a.m., 4 views

PT-2025-44216

Name of the Vulnerable Software and Affected Versions: Sharp versions prior to 9.11.1. Description: Sharp, a content management framework for Laravel, contains a Cross-Site Scripting (XSS) issue in the SharpShowTextField component. Prior to version 9.11.1, expressions enclosed in & were processed by...

CVSS 5.4, AI score 5.8, EPSS 0.00024
Exploits 0, References 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1945

Malware in sbrugna...

CVSS 8.1, AI score 8, EPSS 0.00325
Exploits 1, References 8

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-1471

Malware in sbrugna...

CVSS 4.6, AI score 4.7, EPSS 0.00049
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-2398

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00528
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1741

Malware in sbrugna...

CVSS 7.4, AI score 7.3, EPSS 0.00503
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-0727

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.0051
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-0712

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.04286
Exploits 1, References 5