Our researchers of ISecLab have recently released some nice papers that are quoted on slashdot (see 1 and 2). More news reports on PCWorld, BBC and darkreading.
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. ∞