CVE-2026-48500 is a medium-severity vulnerability in Filament, a collection of full-stack components for accelerated Laravel development. The vulnerability allows unauthenticated attackers to upload arbitrary files to the application's temporary storage, potentially exhausting disk space or inflating storage costs. This issue affects Filament versions from 3.0.0 until 3.3.52, 4.11.5, and 5.6.5. The vulner [truncated]
CVE-2026-48167 is a stored cross-site scripting (XSS) vulnerability affecting Filament's ImageColumn and ImageEntry components. The vulnerability exists in versions 4.0.0 through 4.11.5 and 5.6.5, where these components render raw database values without proper HTML escaping. If the data passed to these components is not validated, an attacker could inject malicious HTML or JavaScript. This stored XSS vul [truncated]
A vulnerability in Filament, a collection of full-stack components for accelerated Laravel development, has been discovered. The issue, tracked as CVE-2026-48166, affects versions 4.0.0 through 4.11.5 and 5.6.5. It allows unauthenticated attackers to enumerate registered email addresses by exploiting an observable timing discrepancy on the login page. The impact of this vulnerability is limited to disclos [truncated]
CVE-2026-48067 is a vulnerability in Filament, a collection of full-stack components for accelerated Laravel development. The vulnerability affects filament/actions versions 4.0.0 to 4.11.4 and 5.6.4, and filament/tables versions 3.0.0 to 3.3.51. An attacker who can trigger the AttachAction and AssociateAction could tamper with the Livewire component's state and submit an out-of-scope value due to a discr [truncated]
