Vulnerabilities > Laravel > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2024-22859 Cross-Site Request Forgery (CSRF) vulnerability in Laravel Livewire
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function.
network
low complexity
laravel CWE-352
8.8
2022-08-19 CVE-2022-2886 Deserialization of Untrusted Data vulnerability in Laravel
A vulnerability, which was classified as critical, was found in Laravel 5.1.
network
low complexity
laravel CWE-502
8.8
2022-02-24 CVE-2022-25838 Authentication Bypass by Capture-replay vulnerability in Laravel Fortify
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
network
high complexity
laravel CWE-294
8.1
2021-12-20 CVE-2020-19316 OS Command Injection vulnerability in Laravel Framework
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.
network
low complexity
laravel CWE-78
8.8
2020-09-04 CVE-2020-24941 Incorrect Authorization vulnerability in Laravel
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0.
network
low complexity
laravel CWE-863
7.5
2020-09-04 CVE-2020-24940 Improper Input Validation vulnerability in Laravel
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2.
network
low complexity
laravel CWE-20
7.5
2019-03-28 CVE-2018-6330 SQL Injection vulnerability in Laravel Framework 5.4.15
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.
network
low complexity
laravel CWE-89
8.8
2018-08-09 CVE-2018-15133 Deserialization of Untrusted Data vulnerability in Laravel
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value.
network
high complexity
laravel CWE-502
8.1
2017-11-20 CVE-2017-16894 Information Exposure vulnerability in Laravel
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI.
network
low complexity
laravel CWE-200
7.5