13 matches found
CVE-2026-7093
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
CVE-2026-7109
A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...
CVE-2026-7108
A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...
CVE-2026-7093 code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
EUVD-2026-25778
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...
PT-2026-35361
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
📄 Laravel 11 Cross Site Scripting Scanner
This is a script to scan Laravel version 11 instances to identify known cross site scripting vulnerabilities. ============================================================================================================================================= | Title : Laravel v11 XSS Vulnerability Scann...
CVE-2023-29931
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php...
CVE-2025-32931
DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...
PT-2023-12125 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel version 8.5.9 Description: A deserialization vulnerability in the destruct function allows attackers to execute arbitrary commands. Recommendations: For Laravel version 8.5.9, consider disabling the destruct function until a patch is...
CVE-2021-28254
A deserialization vulnerability in the destruct function of Laravel v8.5.9 allows attackers to execute arbitrary commands...
PT-2022-20312 · Laravel +1 · Laravel +1
Name of the Vulnerable Software and Affected Versions: Laravel version 9.1.8 Description: The issue allows Remote Code Execution via an unserialize pop chain in the destruct method of GuzzleHttpCookieFileCookieJar.php when processing attacker-controlled data for deserialization. Recommendations:...
Password reset phishing vulnerability
More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...