| CVE-2017-9303 | medium | 6.1 | 6.1 | | | | 9y ago | Laravel does not properly constrain the host portion of a password-reset URL |
| CVE-2017-14775 | medium | 5.9 | 5.9 | | | | 9y ago | Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. |
| CVE-2018-15133 | unknown | — | 2.5 | | | | 4y ago | Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the appl… |
| CVE-2026-48019 | unknown | — | — | | | | 15d ago | Laravel CRLF injection in default email rule |
| CVE-2024-13918 | unknown | — | — | | | | 1y ago | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. |
| CVE-2024-13919 | unknown | — | — | | | | 1y ago | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. |
| CVE-2025-27515 | unknown | — | — | | | | 1y ago | Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation ru… |
| CVE-2024-52301 | unknown | — | — | | | | 2y ago | Laravel environment manipulation via query string |
| CVE-2019-9081 | unknown | — | — | | | | 4y ago | Laravel Framework Deserialization Vulnerability |
| CVE-2020-19316 | unknown | — | — | | | | 5y ago | OS Command Injection in Laravel Framework |
| CVE-2021-43808 | unknown | — | — | | | | 5y ago | Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML… |
| CVE-2020-24941 | unknown | — | — | | | | 5y ago | Improper Input Validation in Laravel |
| CVE-2021-21263 | unknown | — | — | | | | 5y ago | Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which … |