Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7093

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:15 a.m.3 views

CVE-2026-7109

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

6.9CVSS5.4AI score0.00286EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:0 a.m.4 views

CVE-2026-7108

A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

5.3CVSS4.8AI score0.00155EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/27 6:0 a.m.32 views

CVE-2026-7093 code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 5:30 a.m.8 views

EUVD-2026-25778

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35361

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.182 views

📄 Laravel 11 Cross Site Scripting Scanner

This is a script to scan Laravel version 11 instances to identify known cross site scripting vulnerabilities. ============================================================================================================================================= | Title : Laravel v11 XSS Vulnerability Scann...

6.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:41 a.m.3 views

CVE-2023-29931

laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php...

9.8CVSS6.8AI score0.00895EPSS
Exploits1References1
OSV
OSV
added 2025/04/14 4:15 p.m.6 views

CVE-2025-32931

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

9.1CVSS7.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.6 views

PT-2023-12125 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel version 8.5.9 Description: A deserialization vulnerability in the destruct function allows attackers to execute arbitrary commands. Recommendations: For Laravel version 8.5.9, consider disabling the destruct function until a patch is...

9.8CVSS9.6AI score0.0132EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2023/04/18 12:0 a.m.7 views

CVE-2021-28254

A deserialization vulnerability in the destruct function of Laravel v8.5.9 allows attackers to execute arbitrary commands...

7.8AI score0.0132EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/05/16 12:0 a.m.6 views

PT-2022-20312 · Laravel +1 · Laravel +1

Name of the Vulnerable Software and Affected Versions: Laravel version 9.1.8 Description: The issue allows Remote Code Execution via an unserialize pop chain in the destruct method of GuzzleHttpCookieFileCookieJar.php when processing attacker-controlled data for deserialization. Recommendations:...

6.9AI score
Exploits0References4
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.24 views

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

6.1CVSS7.2AI score0.00959EPSS
Exploits0Affected Software1
Rows per page
Query Builder