32 matches found

NVD
added 2026/06/26 5:16 p.m., 7 views

CVE-2026-11779

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

CVSS 5.3 | EPSS 0.00235
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/26 4:9 p.m., 6 views

CVE-2026-11779

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

CVSS 5.3 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/06/26 4:9 p.m., 7 views

CVE-2026-11779

Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.

CVSS 5.3 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 2

Cvelist
added 2026/06/26 4:9 p.m., 34 views

CVE-2026-11779 PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

CVSS 5.3 | EPSS 0.00235
Exploits: 0 | References: 2

EUVD
added 2026/06/26 4:9 p.m., 7 views

EUVD-2026-39799

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

CVSS 5.3 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 2

EUVD
added 2026/04/08 12:15 a.m., 4 views

EUVD-2026-19921

@delmaredigital/payload-puc is missing authorization on /api/puck/ CRUD endpoints allows unauthenticated access to Puck-registered collections...

CVSS 9.4 | AI score 5.9 | EPSS 0.00376
Exploits: 1 | References: 4

NVD
added 2026/04/07 9:17 p.m., 5 views

CVE-2026-39397

@delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/ CRUD endpoint handlers registered by createPuckPlugin called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control. The...

CVSS 9.8 | EPSS 0.00376
Exploits: 1 | References: 3

vulnersOsv
added 2026/04/01 10:26 p.m., 11 views

@ainsleydev/payload-helper (>=0.0.16 <=0.0.20), @contentql/core (>=0.1.2 <=0.3.5) +2 more potentially affected by CVE-2026-34750 via @payloadcms/storage-s3 (>=3.0.0-beta.111 <=3.0.0-beta.91)

@payloadcms/storage-s3 NPM version =3.0.0-beta.111, =0.0.16, =0.1.2, =0.1.0, =0.1.4, =0.1.5 Source cves: CVE-2026-34750 Source advisory: SNYK:JS-PAYLOADCMSSTORAGES3-15873860...

CVSS 6.5 | AI score 5.8 | EPSS 0.00341
Exploits: 0

vulnersOsv
added 2026/04/01 9:19 p.m., 4 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @ainsleydev/payload-helper (>=0.0.6 <=0.3.2) +24 more potentially affected by CVE-2026-34747 via @payloadcms/drizzle (>=3.0.0-beta.100 <=3.79.0)

@payloadcms/drizzle NPM version =3.0.0-beta.100, =0.0.6, =0.0.6, =3.22.1, =3.37.0, =1.0.0, =3.53.0, =3.61.1-2, =3.50.0-internal.ca62628, =3.0.0, =3.0.0, =3.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-34747 Source advisory: SNYK:JS-PAYLOADCMSDRIZZLE-15873854...

CVSS 8.5 | AI score 5.8 | EPSS 0.00317
Exploits: 0

NVD
added 2026/04/01 8:16 p.m., 8 views

CVE-2026-34748

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another...

CVSS 8.7 | EPSS 0.00286
Exploits: 0 | References: 1

CVE
added 2026/04/01 7:48 p.m., 23 views

CVE-2026-34748

Summary: CVE-2026-34748 affects the Payload CMS project, specifically the @payloadcms/next package. A stored XSS vulnerability existed in the admin panel prior to version 3.78.0, exploitable by an authenticated user with write access to a collection who saves content that would execute in another...

CVSS 8.7 | AI score 5.8 | EPSS 0.00286
Exploits: 0 | References: 1 | Affected Software: 1

vulnersOsv
added 2026/04/01 4:8 p.m., 9 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +25 more potentially affected by CVE-2026-34751 via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.79.0)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.0.6, =0.1.2, =1.0.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.54, =1.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2026-34751 Source advisory: OSV:GHSA-HP5W-3HXX-VMWF...

CVSS 9.1 | AI score 5.8 | EPSS 0.00306
Exploits: 0

vulnersOsv
added 2026/04/01 4:8 p.m., 6 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +25 more potentially affected by CVE-2026-34751 via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.79.0)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.0.6, =0.1.2, =1.0.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.54, =1.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2026-34751 Source advisory: SNYK:JS-PAYLOADCMSGRAPHQL-15871107...

CVSS 9.1 | AI score 5.8 | EPSS 0.00306
Exploits: 0

Snyk
added 2026/02/05 8:51 p.m., 3 views

SQL Injection

Overview: @payloadcms/db-vercel-postgres is a Vercel Postgres adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafte...

CVSS 9.8 | AI score 5.8 | EPSS 0.00453
Exploits: 0 | References: 2

vulnersOsv
added 2026/02/05 8:51 p.m., 6 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @ainsleydev/payload-helper (>=0.0.6 <=0.1.2) +23 more potentially affected by CVE-2026-25544 via @payloadcms/drizzle (>=3.0.0-beta.100 <=3.73.0-internal.783bc97)

@payloadcms/drizzle NPM version =3.0.0-beta.100, =0.0.6, =0.0.6, =3.22.1, =3.37.0, =1.0.0, =3.53.0, =3.61.1-2, =3.50.0-internal.ca62628, =3.0.0, =3.0.0, =3.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-25544 Source advisory: OSV:GHSA-XX6W-JXG9-2WH8...

CVSS 9.8 | AI score 5.8 | EPSS 0.00453
Exploits: 0

vulnersOsv
added 2026/02/05 8:51 p.m., 5 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +21 more potentially affected by CVE-2026-25544 via @payloadcms/next (>=3.0.0-alpha.46 <=3.73.0-internal.783bc97)

@payloadcms/next NPM version =3.0.0-alpha.46, =0.0.6, =0.1.2, =1.0.2, =0.1.0, =3.2.0, =0.2.0, =1.0.54, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.4 and more Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSNEXT-15240192...

CVSS 9.8 | AI score 5.8 | EPSS 0.00453
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-1851

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.02164
Exploits: 1 | References: 3

vulnersOsv
added 2025/08/29 12:31 p.m., 6 views

@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +17 more potentially affected by CVE-2025-4643 +1 more via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.44.0-internal.6b79dc2)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.1.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.1, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.52, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643, CVE-2025-4644 Source advisory: OSV:GHSA-26RV-H2HF-3FW4...

CVSS 6.3 | AI score 5.7 | EPSS 0.00484
Exploits: 0

vulnersOsv
added 2025/08/29 12:31 p.m., 7 views

@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +17 more potentially affected by CVE-2025-4643 via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.44.0-internal.6b79dc2)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.1.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.1, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.52, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...

CVSS 6.3 | AI score 5.7 | EPSS 0.00484
Exploits: 0

vulnersOsv
added 2025/08/29 12:31 p.m., 10 views

@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +14 more potentially affected by CVE-2025-4643 via @payloadcms/next (>=3.0.0-alpha.46 <=3.44.0-internal.6b79dc2)

@payloadcms/next NPM version =3.0.0-alpha.46, =0.1.2, =0.1.0, =3.2.0, =0.2.0, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.52, =0.0.5, =3.0.0-beta.3, =0.0.3, =1.0.0 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...

CVSS 6.3 | AI score 5.7 | EPSS 0.00484
Exploits: 0