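Browse 38+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.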
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-7110 | code-projects Invoice System in Laravel item cross site scripting | code-projects | Invoice System in Laravel | Low | 3.5 | 2026-04-27 09:30:15 | Deep Dive |
| CVE-2026-7109 | code-projects Invoice System in Laravel API Endpoint item improper authorization | code-projects | Invoice System in Laravel | Medium | 5.3 | 2026-04-27 09:15:11 | Deep Dive |
| CVE-2026-7108 | code-projects Invoice System in Laravel cross-site request forgery | code-projects | Invoice System in Laravel | Medium | 4.3 | 2026-04-27 09:00:19 | Deep Dive |
| CVE-2026-7107 | code-projects Invoice System in Laravel company unrestricted upload | code-projects | Invoice System in Laravel | Medium | 6.3 | 2026-04-27 08:45:11 | Deep Dive |
| CVE-2026-7093 | code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization | code-projects | Invoice System in Laravel | Medium | 6.3 | 2026-04-27 06:00:17 | Deep Dive |
| CVE-2026-7092 | code-projects Invoice System in Laravel Profile profile improper authorization | code-projects | Invoice System in Laravel | Medium | 6.3 | 2026-04-27 05:45:11 | Deep Dive |
| CVE-2026-7091 | code-projects Invoice System in Laravel User Management user improper authorization | code-projects | Invoice System in Laravel | Medium | 6.3 | 2026-04-27 05:30:12 | Deep Dive |
| CVE-2026-39976 | Laravel Passport's TokenGuard Authenticates Unrelated User for Client Credentials Tokens | laravel | passport | High | 7.1 | 2026-04-09 16:50:42 | Deep Dive |
| CVE-2019-25673 | UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload | UniSharp | Laravel File Manager | High | 8.8 | 2026-04-05 20:45:26 | Deep Dive |
| CVE-2026-5370 | krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting | krayin | laravel-crm | Low | 3.5 | 2026-04-02 17:30:15 | Deep Dive |
| CVE-2026-4809 | Unsafe Client MIME Type Handling Can Enable Arbitrary File Upload in plank/laravel-mediable | plank | laravel-mediable | Critical | 9.8 | 2026-03-26 11:03:27 | Deep Dive |
| CVE-2020-36950 | Laravel Nova 3.7.0 - 'range' DoS | Laravel Holdings Inc. | Laravel Nova | Medium | 6.5 | 2026-01-27 15:23:51 | Deep Dive |
| CVE-2026-23524 | Laravel Redis Horizontal Scaling Insecure Deserialization | laravel | reverb | Critical | 9.8 | 2026-01-21 22:07:56 | Deep Dive |
| CVE-2021-47756 | Laravel Valet 2.0.3 - Local Privilege Escalation (macOS) | Laravel | Laravel Valet | High | 8.4 | 2026-01-15 23:25:36 | Deep Dive |
| CVE-2021-47763 | Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection | Aimeos | Aimeos Laravel ecommerce platform | High | 8.2 | 2026-01-15 15:52:08 | Deep Dive |
| CVE-2025-58769 | auth0-PHP: Improper File Type Handling in Bulk User Import | auth0 | laravel-auth0 | Low | 3.3 | 2025-10-01 19:57:06 | Deep Dive |
| CVE-2025-49130 | Laravel Translation Manager Vulnerable to Stored Cross-site Scripting | barryvdh | laravel-translation-manager | - | - | 2025-06-09 12:49:38 | Deep Dive |
| CVE-2025-48490 | Laravel Rest Api has a Search Validation Bypass | Lomkit | laravel-rest-api | - | - | 2025-05-30 05:28:00 | Deep Dive |
| CVE-2024-13919 | Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page | Laravel Holdings Inc. | Laravel Framework | High | 8.0 | 2025-03-10 10:03:01 | Deep Dive |
| CVE-2024-13918 | Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page | Laravel Holdings Inc. | Laravel Framework | High | 8.0 | 2025-03-10 10:02:30 | Deep Dive |