9 matches found

Cvelist
added yesterday, 22 views

CVE-2026-44692 Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

CVSS 7.7
Exploits: 0, References: 2
CVE
added yesterday, 9 views

CVE-2026-44692

CVE-2026-44692 affects the Sharp CMS package for Laravel. Prior to version 9.22.0, the generic download endpoint authorizes access only to the selected Sharp entity but then reads the target disk and path from request parameters, allowing an authenticated user who can view one valid record to dow...

CVSS 7.7, AI score 5.5
Exploits: 0, References: 2
EUVD
added yesterday, 4 views

EUVD-2026-36118

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

CVSS 7.7, AI score 5.5
Exploits: 0, References: 2
EUVD
added 2026/03/09 12:31 p.m., 2 views

EUVD-2026-10319

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This made it possible to gain access to different instances with potentially different access controls by reusing a SAML response from other instances. You...

CVSS 5.4, AI score 5.7, EPSS 0.00016
Exploits: 1, References: 3
Positive Technologies
added 2026/03/09 12:0 a.m., 4 views

PT-2026-24054

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This made it possible to gain access to different instances with potentially different access controls by reusing a SAML response from other instances. You...

AI score 5.7, EPSS 0.00016
Exploits: 1, References: 3
NVD
added 2025/03/26 5:15 p.m., 12 views

CVE-2025-30225

Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...

CVSS 5.3, EPSS 0.00271
Exploits: 1, References: 1
OSV
added 2018/10/22 6:53 p.m., 0 views

GHSA-4CJ8-G9CP-V5WR Unrestricted Upload of File with Dangerous Type in blueimp-file-upload

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0...

CVSS 9.8, AI score 7.3, EPSS 0.93807
Exploits: 15, References: 9
CNVD
added 2018/10/15 12:0 a.m., 7 views

Blueimp jQuery-File-Upload Arbitrary File Upload Vulnerability

Blueimp jQuery-File-Upload is a multi-language file upload tool that includes file selection, file drag and drop, progress bar display and image preview. An arbitrary file upload vulnerability exists in Blueimp jQuery-File-Upload 9.22.0 and earlier versions, which can be exploited by remote...

CVSS 9.8, AI score 9.4, EPSS 0.93807
Exploits: 15, References: 1
OSV
added 2018/10/11 3:29 p.m., 6 views

DEBIAN-CVE-2018-9206

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0...

CVSS 9.8, AI score 7.2, EPSS 0.93807
Exploits: 15, References: 1