What Is a Vulnerability?
A weakness in a system that can be exploited by an attacker to perform unauthorized actions. Vulnerabilities can exist in code, configuration, infrastructure, or processes. They range in severity from informational to critical.
In Laravel Applications
Laravel vulnerabilities include SQL injection (when raw queries are built from unbound user input), XSS (when user input is rendered with the unescaped {!! !!} Blade syntax), exposed .env files (server misconfiguration), and debug mode left on in production (APP_DEBUG=true).
Example
An exposed .env file is a critical vulnerability because it gives an attacker your database credentials, APP_KEY, and all third-party API keys.
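The following is an added illustration, not code from the original page or from StackShield: a Laravel controller and Blade view showing the injectable and the XSS-prone forms named above next to their hardened counterparts, plus a startup guard against APP_DEBUG in production. The `users` table, the `q` request parameter, and the controller, route and view names are assumptions made for this example.

```php
<?php
// Added example (assumed names): vulnerable and hardened forms of the Laravel
// issues named above. Assumes a Laravel application with a `users` table that
// has `id` and `name` columns.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class UserSearchController extends Controller
{
    // VULNERABLE: the request value is concatenated straight into the SQL
    // string, so a crafted `q` changes the structure of the query (SQL injection).
    public function searchUnsafe(Request $request)
    {
        $q = $request->input('q', '');
        $users = DB::select("SELECT id, name FROM users WHERE name LIKE '%" . $q . "%'");

        return view('users.search', ['users' => $users, 'q' => $q]);
    }

    // HARDENED: the same raw query with a parameter binding. The driver sends the
    // value separately from the SQL text, so it can never be parsed as SQL.
    public function searchSafe(Request $request)
    {
        $q = $request->input('q', '');
        $users = DB::select(
            'SELECT id, name FROM users WHERE name LIKE ?',
            ['%' . $q . '%']
        );
        // The query builder binds values for you and is usually the better choice:
        // $users = DB::table('users')->where('name', 'like', '%' . $q . '%')->get();

        return view('users.search', ['users' => $users, 'q' => $q]);
    }
}

/* resources/views/users/search.blade.php (Blade template, shown as a comment):

   VULNERABLE: {!! !!} echoes the raw value. Any HTML or script markup in `q`
   is sent unescaped to every visitor who opens the results page (XSS).

       <p>Results for: {!! $q !!}</p>

   HARDENED: {{ }} HTML-escapes the value. This is Blade's default output syntax
   and should be the only form used for user-controlled data.

       <p>Results for: {{ $q }}</p>
*/

// app/Providers/AppServiceProvider.php, inside boot(): refuse to start with
// debug output enabled in production. Laravel's debug error page renders
// stack traces, request data and configuration, which is exactly the
// information an attacker would otherwise need the .env file for.
function guardProductionDebug(): void
{
    if (app()->environment('production') && config('app.debug')) {
        throw new \RuntimeException('APP_DEBUG must be false in production');
    }
}
```

On the .env exposure named above: Laravel's `public/` directory is meant to be the web server's document root, and `.env` lives one level above it; exposure usually comes from a virtual host that points at the project root instead, so checking the document root is the first thing to verify when auditing a deployment.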
Related Terms
Exploit
A piece of code, technique, or sequence of actions that takes advantage of a vulnerability to produce unintended behavior. Exploits turn theoretical vulnerabilities into actual security breaches.
CVE (Common Vulnerabilities and Exposures)
A standardized identifier for publicly known security vulnerabilities. Each CVE entry includes a unique ID (e.g., CVE-2024-1234), a description, and severity rating. The CVE system is maintained by MITRE and used globally to track and reference vulnerabilities.
Attack Vector
A specific method or path an attacker uses to exploit a vulnerability and gain unauthorized access to a system. While the attack surface is the total collection of entry points, an attack vector is the specific technique used against one of those entry points.
Related Articles
Laravel Content Security Policy: Configure CSP Without Breaking Your App
Only 22% of Laravel apps have a Content Security Policy. Learn how to implement CSP with spatie/laravel-csp, handle Livewire and Vite nonces, and avoid the mistakes that break production.
Laravel Is Now on the Same Federal Vulnerability List as Apple. Here Is What That Means.
CISA added the Livewire RCE vulnerability (CVE-2025-54068) to the Known Exploited Vulnerabilities catalog, linking it to active exploitation by Iranian APT MuddyWater. A Laravel ecosystem package is now on the same US government list as Apple and Microsoft. Here is what that changes for your team.
Copy Fail: Why Every Laravel Server Needs a Kernel Update Right Now (CVE-2026-31431)
A local privilege escalation vulnerability in the Linux kernel affects every server running a kernel from 2017 onward. Laravel Forge has issued a specific advisory. The exploit is 732 bytes, works reliably, and is active in the wild. Here is what Laravel teams need to do.
Monitor Your Laravel Application's Security
StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.