Lucene search
K

155 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-3450

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.28571EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-21792

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.95376EPSS
Exploits5References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2024-3024

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00823EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0800

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00516EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/07/19 6:58 p.m.11 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.8CVSS6.9AI score0.95376EPSS
Exploits5References1
OSV
OSV
added 2025/07/17 8:26 p.m.6 views

GHSA-29CQ-5W36-X7W3 Livewire is vulnerable to remote command execution during component property update hydration

Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...

9.8CVSS7.6AI score0.95376EPSS
Exploits5References7
Github Security Blog
Github Security Blog
added 2025/07/17 8:26 p.m.12 views

Livewire is vulnerable to remote command execution during component property update hydration

Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...

9.8CVSS6.8AI score0.95376EPSS
Exploits5References7Affected Software1
NVD
NVD
added 2025/07/17 7:15 p.m.18 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.8CVSS0.95376EPSS
Exploits5References5
Snyk
Snyk
added 2025/07/17 6:42 p.m.5 views

Arbitrary Code Injection

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hydration process of component property updates. An attacker can execute arbitrary commands on the server by sending specially crafted requests ...

9.8CVSS7.8AI score0.95376EPSS
Exploits5References2
Cvelist
Cvelist
added 2025/07/17 6:16 p.m.49 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.2CVSS0.95376EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2025/07/17 6:16 p.m.31 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.8CVSS7.6AI score0.95376EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2025/07/17 6:16 p.m.106 views

CVE-2025-54068

Summary (validated by connected docs): CVE-2025-54068 affects Laravel Livewire v3 up to 3.6.3, where the component hydration/update mechanism can allow unauthenticated remote command execution under specific mounting/config conditions. Public advisories and templates confirm an in-the-wild risk a...

9.8CVSS7.2AI score0.95376EPSS
In wildExploits5References5Affected Software1
OSV
OSV
added 2025/07/17 6:16 p.m.10 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.2CVSS7.3AI score0.95376EPSS
Exploits5References7
Vulnrichment
Vulnrichment
added 2025/07/17 6:16 p.m.8 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.2CVSS7AI score0.95376EPSS
Exploits5References3
CNNVD
CNNVD
added 2025/07/17 12:0 a.m.89 views

Livewire 代码注入漏洞

Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A code injection vulnerability exists in Livewire 3.6.3 and earlier versions, which stems from mishandling of component property updates and could lead to remote...

9.8CVSS7.6AI score0.95376EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.7 views

PT-2025-29947

Name of the Vulnerable Software and Affected Versions Livewire versions 3.0 through 3.6.3 Description An issue in the hydration process of component property updates allows unauthenticated attackers to achieve remote command execution RCE. The flaw occurs because the framework fails to verify...

9.8CVSS7.4AI score0.95376EPSS
Exploits5References100
Exploit DB
Exploit DB
added 2025/06/09 12:0 a.m.406 views

Laravel Pulse 1.3.1 - Arbitrary Code Injection

!/usr/bin/env python3 Exploit Title: Laravel Pulse 1.3.1 - Arbitrary Code Injection Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Laravel Pulse v1.2.0 / Ubuntu 22.04 / Apache2 CVE: CVE-2024-55661 Type: Remote Code Execution via...

8.8CVSS8.8AI score0.28571EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/23 10:0 a.m.9 views

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

6.1CVSS6AI score0.00516EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.18 views

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

9.8CVSS6.7AI score0.00823EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.13 views

CVE-2024-55661

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public remember method in the...

8.8CVSS8AI score0.28571EPSS
Exploits3References1
Rows per page
Query Builder