PT-2026-34661

⚠️ CVE-2026-19855 — Laravel-based CMS "October Lite" ≤ 1.2.0 suffers from stored XSS in the admin panel, allowing attackers to hijack sessions and escalate privileges via malicious content injection. Admins beware. Source: https://t.co/qR6BL1BWL1...

Brave CMS 代码问题漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the CKEditor upload feature not verifying file types, which could lead to remote code...

Brave CMS 代码问题漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Versions of Brave CMS prior to 2.0.6 had code vulnerabilities; these vulnerabilities stemmed from unrestricted file uploads via the CKEditor endpoint, which could lead to remote code execution...

EUVD-2026-9094

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...

dcat-admin 代码注入漏洞

dcat-admin is a Laravel-based back-end system builder by Jiang Qinghua, an individual developer. A code injection vulnerability exists in dcat-admin version 2.2.1-beta, which originates from the component Roles Page's file /admin/auth/roles that can lead to cross-site scripting...

DayByDay CRM 授权问题漏洞

DayByDay CRM is an open source CRM Customer Relationship Management software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. A security bypass vulnerability exists in DayByDay CRM, which can be exploited by an attacker to change any user's password and gain...

Booking Core has an unspecified vulnerability

Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...

Booking Core 跨站脚本漏洞

Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core suffers from a cross-site scripting vulnerability, which stems from a cross-site scripting XSS...

Booking Core 跨站请求伪造漏洞

Booking Core is a software application. A Laravel-based booking system designed for travel websites, shopping malls, travel agencies, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core suffers from a cross-site request forgery vulnerability that stems from...

LaraChurch 1.0 Shell Upload

Exploit Title: LaraChurch - Complete Church Management System - Remote Shell Upload Date: 2018/24/06 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://creatydev.com Software Buy:...