Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 8:3 p.m.9 views

CVE-2026-44692 Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS5.5AI score0.00262EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:3 p.m.27 views

CVE-2026-44692 Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS0.00262EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 6:1 p.m.7 views

GHSA-748W-HM6R-QC7V Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user wh...

7.7CVSS5.9AI score0.00262EPSS
Exploits0References4
Rows per page
Query Builder