Vendor

Laravel

4 briefs RSS

Laravel Security Policy Bypass Vulnerability

A vulnerability in Laravel allows an attacker to bypass the security policy; specifically, laravel/framework versions 12.x before 12.60.0 and 13.x before 13.10.0 are affected (CVE-2026-48019).

laravel/framework security-bypass web-application laravel

1r 1t 2w ago

high advisory

Laravel Lang Packages Hijacked in Credential-Stealing Supply Chain Attack

2 rules 4 TTPs 1 IOC

Attackers compromised Laravel Lang packages by rewriting GitHub tags, distributing a credential-stealing malware targeting cloud credentials, secrets, keys, browser data, and cryptocurrency wallets across Windows, Linux, and macOS systems.

laravel-lang/lang +3 supply-chain-attack credential-theft infostealer composer php github

2r 4t 1i 3w ago

high advisory

Authenticated Sharp Users Can Download Unrelated Laravel Storage Objects

2 rules 1 TTP

An authenticated Sharp user with view access to at least one valid Sharp entity instance can download unrelated files from configured Laravel Storage disks by manipulating the `disk` and `path` parameters in the generic download endpoint, potentially exposing sensitive data like backups and internal documents; this vulnerability is tracked as CVE-2026-44692.

composer/code16/sharp +1 authenticated-disclosure web-application laravel sharp

2r 1t May 15, 2026

high advisory

webonyx/graphql-php Unbounded Recursion Vulnerability

2 rules 1 TTP

The webonyx/graphql-php library has an unbounded recursion vulnerability in its parser that can lead to a stack overflow, causing a denial of service by terminating the PHP process with a SIGSEGV.

graphql-php +4 graphql denial-of-service recursion php

2r 1t May 6, 2026