z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
4.8CVSS
4.8AI Score
0.001EPSS
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.
7.2CVSS
7.2AI Score
0.002EPSS