Skip to main content

Sharp

2 CVEs product

Monthly

CVE-2026-53634 PHP MEDIUM POC PATCH GHSA This Month

Authorization bypass in Sharp (code16/sharp Laravel CMS package) versions 9.0.0 through 9.22.3 permits authenticated users lacking create permissions to invoke Quick Creation Command endpoints directly, circumventing the authorization layer to either retrieve entity creation forms or submit new records. The root cause is a missing `authorizationManager->check('create', $entityKey)` call in both the constructor and the `create` method of `ApiEntityListQuickCreationCommandController`, meaning the restriction enforced at the entity list level was not replicated at the command controller level. No public exploit exists and no CISA KEV listing is present; vendor-released patch v9.22.3 closes both vulnerable endpoints.

Authentication Bypass Sharp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2022-29256 npm MEDIUM PATCH This Month

sharp is an application for Node.js image processing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Microsoft Command Injection Node.js Sharp
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Authorization bypass in Sharp (code16/sharp Laravel CMS package) versions 9.0.0 through 9.22.3 permits authenticated users lacking create permissions to invoke Quick Creation Command endpoints directly, circumventing the authorization layer to either retrieve entity creation forms or submit new records. The root cause is a missing `authorizationManager->check('create', $entityKey)` call in both the constructor and the `create` method of `ApiEntityListQuickCreationCommandController`, meaning the restriction enforced at the entity list level was not replicated at the command controller level. No public exploit exists and no CISA KEV listing is present; vendor-released patch v9.22.3 closes both vulnerable endpoints.

Authentication Bypass Sharp
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

sharp is an application for Node.js image processing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Microsoft Command Injection Node.js +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy