Tag
Laravel Passport Authentication Bypass Vulnerability (CVE-2026-39976)
2 rules 1 TTP 1 CVE
Laravel Passport versions from 13.0.0 up to, but not including, 13.7.1 contain an authentication bypass vulnerability (CVE-2026-39976) where machine-to-machine tokens can authenticate as a real user due to improper validation of the JWT sub claim.
Sharp CMS Path Traversal Vulnerability (CVE-2026-33686)
2 rules 1 TTP
A path traversal vulnerability exists in Sharp CMS versions prior to 9.20.0 due to improper sanitization of file extensions, potentially allowing attackers to bypass security restrictions and access sensitive files.
Sharp Laravel Admin Panel Unrestricted File Upload Vulnerability
2 rules 1 TTP 5 IOCs
The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions by manipulating the validation_rule parameter, potentially leading to Remote Code Execution (RCE) if the storage disk is configured to be publicly accessible.