Filtered by vendor Alexusmai
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-65345 | 1 Alexusmai | 1 Laravel File Manager | 2025-12-16 | N/A | 6.5 MEDIUM |
| alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation. | |||||
| CVE-2025-65346 | 1 Alexusmai | 1 Laravel File Manager | 2025-12-16 | N/A | 9.1 CRITICAL |
| alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths. | |||||
| CVE-2025-63307 | 1 Alexusmai | 1 Laravel File Manager | 2025-12-08 | N/A | 8.1 HIGH |
| alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization. | |||||