Database CVE

CVE-2026-31843 Kritis PoC Tersedia

Pay-Uz Unauthenticated File Write → RCE

Unauthenticated editable API overwrites payment hook PHP files executed via webhook handlers.

goodoneuz/pay-uz < 4.0.0 Jan 15, 2026

Selengkapnya

CVE-2025-53833 Kritis Sudah Ditambal

LaRecipe SSTI → Remote Code Execution

Server-side template injection via query string in public documentation routes.

binarytorch/larecipe < 2.8.1 Jul 14, 2025

Selengkapnya

TANPA-CVE Tinggi Belum Ditambal

Clockwork Debug API Exposure

Debug queries and requests readable via /__clockwork when authentication is off.

itsgoingd/clockwork (auth disabled) Jun 24, 2026

Selengkapnya

CVE-2025-14894 Tinggi Sudah Ditambal

Livewire Filemanager Unauth Upload RCE

Missing MIME validation on Livewire upload component enables PHP shell upload.

livewire-filemanager/filemanager < 1.0.5 Aug 01, 2025

Selengkapnya

CVE-2025-54068 Tinggi Sudah Ditambal

Livewire Unsafe Property Hydration

Unauthenticated component update allows unsafe hydration leading to RCE.

livewire/livewire >=3.0, <3.6.4 Jun 01, 2025

Selengkapnya

TANPA-CVE Sedang Belum Ditambal

L5-Swagger Default Open API Docs

Empty middleware arrays expose Swagger UI and api-docs.json without auth.

darkaonline/l5-swagger (default config) Jun 24, 2026

Selengkapnya