551 matches found
CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...
CVE-2026-33686
CVE-2026-33686 affects the Sharp Laravel package. Versions before 9.20.0 are vulnerable to a path traversal via the FileUtil::explodeExtension() function, which incorrectly sanitizes file extensions and can allow path separators to reach storage. The issue is resolved in 9.20.0 by using pathinfo(...
CVE-2026-33687
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-33687
Sharp (code16/sharp) is a Laravel package where versions before 9.20.0 have an Arbitrary File Upload vulnerability in ApiFormUploadController. A client-controlled validation_rule is passed directly to Laravel’s validator, allowing an attacker to bypass all MIME type and file extension checks (e.g...
CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
sharp 代码问题漏洞
Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images of various sizes. Versions of Sharp prior to 9.20.0 contained a code vulnerability. This vulnerability stemmed from the...
sharp 路径遍历漏洞
Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images of various sizes. Versions of Sharp prior to 9.20.0 contained a path traversal vulnerability, which stemmed from improper handling of...
GHSA-9FFQ-6457-8958 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil
Summary A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. Detail In src/Utils/FileUtil.php, the FileUtil::explodeExtension function...
GHSA-FR76-5637-W3G9 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validationrule parameter. This...
Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validationrule parameter. This...
SHARP routers missing authentication for some web APIs
Overview SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information. Missing authentication for critical function CWE-306 - CVE-2026-32326 Shota Zaizen reported this...
EUVD-2026-15194
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32326
SHARP routers are affected by CVE-2026-32326 due to missing authentication for some web APIs, enabling retrieval of device information without authentication. The impact could be severe if the administrative password is left as the initial default, potentially allowing takeover of the device. The...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...