cve-2026-53634 let authenticated sharp users bypass create authorization through quick creation command endpoints
cve-2026-48067 came from a scope mismatch in filament AttachAction and AssociateAction
how i reported six shopper cves spanning authorization bypass, privilege escalation, race conditions, idor, and xss
authenticated sharp users could download unrelated laravel storage objects through the generic download endpoint
