Lucene search
K

21 matches found

CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Laravel Nova 5 Toggle Field 授权问题漏洞

Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/28 9:16 p.m.6 views

CVE-2020-36950

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 4:16 p.m.8 views

CVE-2020-36950

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS0.00316EPSS
Exploits0References4
CVE
CVE
added 2026/01/27 3:23 p.m.11 views

CVE-2020-36950

CVE-2020-36950 affects Laravel Nova 3.7.0. The issue is a denial-of-service vulnerability where authenticated users can crash the application by manipulating the range parameter. Attackers can issue simultaneous requests with an extremely high range value to overwhelm and crash the server. The av...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/27 3:23 p.m.6 views

EUVD-2020-30865

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/27 3:23 p.m.21 views

CVE-2020-36950 Laravel Nova 3.7.0 - 'range' DoS

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS0.00316EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/27 3:23 p.m.3 views

CVE-2020-36950

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/27 3:23 p.m.3 views

CVE-2020-36950 Laravel Nova 3.7.0 - 'range' DoS

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.5 views

PT-2026-4929

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.8 views

Laravel Nova security vulnerabilities

Laravel Nova is an open-source management panel software developed by Laravel. Version 3.7.0 of Laravel Nova contains a security vulnerability, which stems from improper handling of the range parameter. This vulnerability could lead to a denial-of-service attack...

8.7CVSS5.8AI score0.00316EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2025-22109

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.00841EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/23 4:30 p.m.36 views

CVE-2025-54082

marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...

9.3CVSS7.8AI score0.00841EPSS
Exploits0References1
OSV
OSV
added 2025/07/21 7:9 p.m.3 views

GHSA-96C2-H667-9FXP nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability

A vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the application. The vulnerability is due to: • Missing authentication middleware Nova and Nova.Auth on the...

9.3CVSS7.7AI score0.00841EPSS
Exploits0References4
NVD
NVD
added 2025/07/21 5:15 p.m.32 views

CVE-2025-54082

marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...

9.3CVSS0.00841EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/21 4:25 p.m.32 views

CVE-2025-54082 nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability

marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...

9.3CVSS0.00841EPSS
Exploits0References2
CVE
CVE
added 2025/07/21 4:25 p.m.33 views

CVE-2025-54082

CVE-2025-54082 affects marshmallow-packages/nova-tiptap (Laravel Nova tiptap editor). Prior to version 5.7.0, a vulnerability on the /nova-tiptap/api/file endpoint allowed unauthenticated uploads of arbitrary files to configured disks due to missing authentication middleware and lack of file vali...

9.3CVSS8AI score0.00841EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/21 4:25 p.m.5 views

CVE-2025-54082 nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability

marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...

9.3CVSS8.6AI score0.00841EPSS
Exploits0References2
OSV
OSV
added 2025/07/21 4:25 p.m.6 views

CVE-2025-54082 nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability

marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...

9.3CVSS8AI score0.00841EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.4 views

Marshmallow Packages Laravel Nova Tiptap Editor Field 代码问题漏洞

Marshmallow Packages Laravel Nova Tiptap Editor Field is a Marshmallow Packages open source editor software. A code issue vulnerability exists in Marshmallow Packages Laravel Nova Tiptap Editor Field versions prior to 5.7.0, which stems from insufficient authentication and validation of file uplo...

9.3CVSS7.9AI score0.00841EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2020/12/04 12:0 a.m.785 views

Laravel Nova 3.7.0 Denial Of Service

Exploit Title: Laravel Nova 3.7.0 - 'range' DoS Date: June 22, 2020 Exploit Author: iqzer0 Vendor Homepage: https://nova.laravel.com/ Software Link: https://nova.laravel.com/releases Version: Version v3.7.0 Tested on: Manjaro / Chrome v83 An authenticated user can crash the application by setting...

Exploits0
Rows per page
Query Builder