All 6 CVE vulnerabilities found in sharp, with AI-generated Chinese analysis, references, and POCs.
Vendor: lovell
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-44692 | Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint CWE-639 | 7.7 | High | 2026-06-10 |
| CVE-2026-53634 | Sharp: Missing Authorization Check in Quick Creation Command Endpoints CWE-862 | 4.3 | Medium | 2026-06-10 |
| CVE-2026-33686 | Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil CWE-22 | 8.8 | High | 2026-03-26 |
| CVE-2026-33687 | Sharp has Unrestricted File Upload via Client-Controlled Validation Rules CWE-434 | 8.8 | High | 2026-03-26 |
| CVE-2025-62798 | Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax CWE-79 | 5.4 | Medium | 2025-10-28 |
| CVE-2022-29256 | Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment CWE-77 | 6.5 | Medium | 2022-05-25 |
All 6 known CVE vulnerabilities affecting sharp with full Chinese analysis, references, and POCs where available.