155 matches found
EUVD-2024-3450
Malicious code in bioql PyPI...
EUVD-2025-21792
Malicious code in bioql PyPI...
EUVD-2024-3024
Malicious code in bioql PyPI...
EUVD-2024-0800
Malicious code in bioql PyPI...
CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
GHSA-29CQ-5W36-X7W3 Livewire is vulnerable to remote command execution during component property update hydration
Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...
Livewire is vulnerable to remote command execution during component property update hydration
Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...
CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
Arbitrary Code Injection
Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hydration process of component property updates. An attacker can execute arbitrary commands on the server by sending specially crafted requests ...
CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
CVE-2025-54068
Summary (validated by connected docs): CVE-2025-54068 affects Laravel Livewire v3 up to 3.6.3, where the component hydration/update mechanism can allow unauthenticated remote command execution under specific mounting/config conditions. Public advisories and templates confirm an in-the-wild risk a...
CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
Livewire 代码注入漏洞
Livewire is Livewire open source a full stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A code injection vulnerability exists in Livewire 3.6.3 and earlier versions, which stems from mishandling of component property updates and could lead to remote...
PT-2025-29947
Name of the Vulnerable Software and Affected Versions Livewire versions 3.0 through 3.6.3 Description An issue in the hydration process of component property updates allows unauthenticated attackers to achieve remote command execution RCE. The flaw occurs because the framework fails to verify...
Laravel Pulse 1.3.1 - Arbitrary Code Injection
!/usr/bin/env python3 Exploit Title: Laravel Pulse 1.3.1 - Arbitrary Code Injection Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Laravel Pulse v1.2.0 / Ubuntu 22.04 / Apache2 CVE: CVE-2024-55661 Type: Remote Code Execution via...
CVE-2024-21504
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...
CVE-2024-47823
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2024-55661
Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public remember method in the...