What Is a Vulnerability?
A weakness in a system that an attacker can exploit to perform unauthorized actions. Vulnerabilities can exist in code, configuration, infrastructure, or processes, and they range in severity from informational to critical.
In Laravel Applications
Common Laravel vulnerabilities include SQL injection (raw queries that interpolate user input into the SQL string instead of passing it as a binding), XSS (rendering user input with the unescaped {!! !!} Blade syntax instead of {{ }}), exposed .env files (a web server that serves the project directory, including dotfiles, rather than only public/), and debug mode left on in production (APP_DEBUG=true), which puts stack traces, request data, and environment details in every error page.
Example
An exposed .env file is a critical vulnerability because it hands an attacker your database credentials, your APP_KEY (which Laravel uses to encrypt cookies and session data, so a known key lets an attacker forge them), and every third-party API key the application holds. A quick check: request /.env on your production domain from outside; the response must be a 403 or 404, never the file contents.
Related Terms
Exploit
A piece of code, technique, or sequence of actions that takes advantage of a vulnerability to produce unintended behavior. An exploit turns a vulnerability from a theoretical weakness into a demonstrated compromise.
CVE (Common Vulnerabilities and Exposures)
A standardized identifier for publicly known security vulnerabilities. Each CVE record has a unique ID (in the form CVE-YYYY-NNNN, e.g., CVE-2024-1234), a description, and references to advisories; the severity rating (a CVSS score) is attached by the NVD and by vendors rather than being part of the CVE record itself. The CVE program is run by MITRE and used globally to track and reference vulnerabilities.
Attack Vector
A specific method or path an attacker uses to exploit a vulnerability and gain unauthorized access to a system. The attack surface is the total collection of entry points (routes, forms, APIs, exposed files); an attack vector is the specific technique used against one of those entry points, such as a crafted query parameter sent to an injectable route.
Related Articles
GitLab 2FA Bypass (CVE-2026-0723): What Happened and How to Protect Yourself
GitLab patched a high-severity two-factor authentication bypass (CVE-2026-0723, CVSS 7.4) that lets attackers hijack accounts. Here is what the vulnerability is, who is affected, and how to remediate it.
AI Is Writing Your Laravel Code. Who Is Checking Its Security?
Laravel's AI SDK, Boost, and tools like Cursor and Claude Code are changing how we build applications. But over 40% of AI-generated code contains security flaws. Here is how to ship faster without opening the door to attackers.
The Complete Laravel Security Checklist for 2026
A comprehensive, 30-point security checklist covering every layer of your Laravel application. From .env protection and security headers to debug mode detection and DNS security.
Monitor Your Laravel Application's Security
StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.