CVE-2025-54068
- EPSS 0.12%
- Veröffentlicht 17.07.2025 18:16:56
- Zuletzt bearbeitet 27.08.2025 14:36:24
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property...
CVE-2024-47823
- EPSS 0.22%
- Veröffentlicht 08.10.2024 18:15:31
- Zuletzt bearbeitet 06.03.2025 14:24:40
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the ...
CVE-2024-21504
- EPSS 0.09%
- Veröffentlicht 19.03.2024 05:15:09
- Zuletzt bearbeitet 21.11.2024 08:54:34
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a mali...
CVE-2024-22859
- EPSS 1.22%
- Veröffentlicht 01.02.2024 07:15:08
- Zuletzt bearbeitet 29.05.2025 15:15:29
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status c...