Lucene search
K

8 matches found

NVD
NVD
added 2026/06/10 10:16 p.m.13 views

CVE-2026-44692

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS0.00262EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:3 p.m.9 views

CVE-2026-44692 Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS5.5AI score0.00262EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:3 p.m.28 views

CVE-2026-44692 Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS0.00262EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:3 p.m.21 views

CVE-2026-44692

CVE-2026-44692 affects the Sharp CMS package for Laravel. Prior to version 9.22.0, the generic download endpoint authorizes access only to the selected Sharp entity but then reads the target disk and path from request parameters, allowing an authenticated user who can view one valid record to dow...

7.7CVSS5.5AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 8:3 p.m.10 views

EUVD-2026-36118

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS5.5AI score0.00262EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/15 6:1 p.m.18 views

Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user wh...

7.7CVSS5.9AI score0.00262EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/15 6:1 p.m.7 views

GHSA-748W-HM6R-QC7V Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user wh...

7.7CVSS5.9AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.13 views

PT-2026-41389

Name of the Vulnerable Software and Affected Versions Sharp versions prior to 9.22.0 Description Sharp exposes a generic download endpoint 'GET /sharp/globalFilter/download/entityKey/instanceId?' that authorizes access based on a supplied entity instance but reads the target storage disk and path...

7.7CVSS5.6AI score0.00262EPSS
Exploits0References4
Rows per page
Query Builder