10 matches found
CVE-2026-33686
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...
CVE-2026-33686
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...
CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...
CVE-2026-33686
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...
CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2025-62798 Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax
Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting XSS vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in & were evaluated by Vue. Thi...
CVE-2025-62798 Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax
Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting XSS vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in & were evaluated by Vue. Thi...
CVE-2025-62798
The CVE-2025-62798 issue affects the code16/sharp package (Sharp) used with Laravel, specifically the SharpShowTextField component. In vulnerable versions prior to 9.11.1, Vue evaluated expressions wrapped in {{ ... }} when rendering content, allowing attacker-controlled input to execute arbitrar...
EUVD-2025-35217
code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting XSS src/Form/Fields/SharpFormUploadField.php...