21 matches found
Laravel Nova 5 Toggle Field 授权问题漏洞
Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...
CVE-2020-36950
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950
CVE-2020-36950 affects Laravel Nova 3.7.0. The issue is a denial-of-service vulnerability where authenticated users can crash the application by manipulating the range parameter. Attackers can issue simultaneous requests with an extremely high range value to overwhelm and crash the server. The av...
EUVD-2020-30865
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950 Laravel Nova 3.7.0 - 'range' DoS
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
CVE-2020-36950 Laravel Nova 3.7.0 - 'range' DoS
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
PT-2026-4929
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
Laravel Nova security vulnerabilities
Laravel Nova is an open-source management panel software developed by Laravel. Version 3.7.0 of Laravel Nova contains a security vulnerability, which stems from improper handling of the range parameter. This vulnerability could lead to a denial-of-service attack...
EUVD-2025-22109
Malicious code in bioql PyPI...
CVE-2025-54082
marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...
GHSA-96C2-H667-9FXP nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability
A vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the application. The vulnerability is due to: • Missing authentication middleware Nova and Nova.Auth on the...
CVE-2025-54082
marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...
CVE-2025-54082 nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability
marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...
CVE-2025-54082
CVE-2025-54082 affects marshmallow-packages/nova-tiptap (Laravel Nova tiptap editor). Prior to version 5.7.0, a vulnerability on the /nova-tiptap/api/file endpoint allowed unauthenticated uploads of arbitrary files to configured disks due to missing authentication middleware and lack of file vali...
CVE-2025-54082 nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability
marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...
CVE-2025-54082 nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability
marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the...
Marshmallow Packages Laravel Nova Tiptap Editor Field 代码问题漏洞
Marshmallow Packages Laravel Nova Tiptap Editor Field is a Marshmallow Packages open source editor software. A code issue vulnerability exists in Marshmallow Packages Laravel Nova Tiptap Editor Field versions prior to 5.7.0, which stems from insufficient authentication and validation of file uplo...
Laravel Nova 3.7.0 Denial Of Service
Exploit Title: Laravel Nova 3.7.0 - 'range' DoS Date: June 22, 2020 Exploit Author: iqzer0 Vendor Homepage: https://nova.laravel.com/ Software Link: https://nova.laravel.com/releases Version: Version v3.7.0 Tested on: Manjaro / Chrome v83 An authenticated user can crash the application by setting...