30 matches found

Packet Storm News
added 3 days ago, 3 views

Quantum Resonance Encryption for Secure Data Storage and Communication with Quantum Kicked Top

In a shared quantum computer, how to ensure data privacy and protection from access by unauthorized parties? We propose a genuine quantum protocol for protecting user's data which is not accessible even to the service provider. The protocol is based on quantum kicked top -- the dynamics of a spin...

5.8 AI score
Exploits: 0
EUVD
added 2026/05/22 12:31 a.m., 6 views

EUVD-2026-31360

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...

2.3 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/21 9:18 p.m., 22 views

CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...

2.3 CVSS, 0.00017 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/21 9:18 p.m., 12 views

CVE-2026-7886

Concrete CMS versions 9.5.0 and below are vulnerable to an IDOR in AddMessage/UpdateMessage via the attachments[] parameter. The AddMessage and UpdateMessage controllers load files by ID with $em->find(File::class, $attachmentID) without per-file permission checks (canViewFile()), enabling a u...

4.3 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/05/21 9:18 p.m., 4 views

CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...

2.3 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/03/27 10:51 p.m., 2 views

CVE-2026-33687

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 1
Snyk
added 2026/03/27 12:23 a.m., 1 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the ApiFormUploadController function. An attacker can upload arbitrary files by manipulating the validationrule parameter to bypass all file type and extension restrictions. Note: This is only exploitable if th...

8.8 CVSS, 6.2 AI score, 0.00023 EPSS
Exploits: 0, References: 2
NVD
added 2026/03/26 10:16 p.m., 1 views

CVE-2026-33687

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8 CVSS, 0.00023 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/03/26 9:47 p.m., 1 views

CVE-2026-33687

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2026/03/26 9:47 p.m., 20 views

CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8 CVSS, 0.00023 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/03/26 9:47 p.m., 3 views

CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/26 9:47 p.m., 1 views

CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

8.8 CVSS, 5.9 AI score, 0.00023 EPSS
Exploits: 0, References: 6
OSV
added 2026/03/04 5:56 p.m., 4 views

DRUPAL-CONTRIB-2026-021

This module moves files to and from private storage depending on the access of its owning entities. The module does not always validate the access logic correctly, resulting in files attached to an entity not being protected in certain circumstances. This vulnerability is mitigated by the fact th...

5.3 CVSS, 6 AI score, 0.00014 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/04 5:54 p.m., 2 views

DRUPAL-CONTRIB-2026-020

This module moves files to and from private storage depending on the access of its owning entities. The module does not sufficiently incorporate the results of hook_file_download when a custom or contrib module implements that hook leading to access bypass...

5.3 CVSS, 6 AI score, 0.00044 EPSS
Exploits: 0, References: 1
Drupal
added 2026/03/04 12:0 a.m., 6 views

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020

This module moves files to and from private storage depending on the access of its owning entities. The module does not sufficiently incorporate the results of hook_file_download when a custom or contrib module implements that hook leading to access bypass...

5.3 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 0, References: 2
Drupal
added 2026/03/04 12:0 a.m., 7 views

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021

This module moves files to and from private storage depending on the access of its owning entities. The module does not always validate the access logic correctly, resulting in files attached to an entity not being protected in certain circumstances. This vulnerability is mitigated by the fact th...

5.3 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/04 12:0 a.m., 3 views

PT-2026-23108

Name of the Vulnerable Software and Affected Versions Drupal File Access Fix deprecated versions prior to 1.2.0 Description The File Access Fix module deprecated has an authorization issue that allows for forceful browsing. The module manages file access, moving files between public and private...

5.8 AI score, 0.00044 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/03/04 12:0 a.m., 0 views

PT-2026-23109

Name of the Vulnerable Software and Affected Versions Drupal File Access Fix deprecated versions prior to 1.2.0 Description The File Access Fix module deprecated contains an authorization flaw that could allow forceful browsing of files. The module manages file storage based on entity access...

5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 3
OSV
added 2024/12/11 4:53 p.m., 4 views

DRUPAL-CONTRIB-2024-076

Open Social is a Drupal distribution for online communities, which ships with a default optional module social_file_private to ensure the images and files provided by the distribution are stored in the private instead of the public filesystem. For installations of Open Social prior to version...

5.3 CVSS, 6.6 AI score, 0.00552 EPSS
Exploits: 0, References: 1
OSV
added 2024/11/13 5:36 p.m., 3 views

DRUPAL-CONTRIB-2024-059

The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system (public, private, etc.). The module doesn't sufficiently protect against Cross Site Request Forgery under allowing an attacker to trick a site user into...

3.1 CVSS, 6.6 AI score, 0.0017 EPSS
Exploits: 0, References: 1