LaravelLivewire

4 matches found

CVE | added 2024/02/01 7:15 a.m. | 67 views

CVE-2024-22859

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a secur...

CVSS 8.8 | AI score 9.2 | EPSS 0.01218

CVE | added 2024/10/08 6:15 p.m. | 61 views

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not valid...

CVSS 9.8 | AI score 6.3 | EPSS 0.00218

CVE | added 2024/03/19 5:15 a.m. | 58 views

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

CVSS 6.1 | AI score 5.9 | EPSS 0.00091

CVE | added 2025/07/17 7:15 p.m. | 32 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is uniq...

CVSS 9.8 | AI score 7.2 | EPSS 0.00122