CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVE-2024-22859

Cross-Site Request Forgery CSRF vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem HTTP 419 status codes for legitimate client activity, not a securit...