3 matches found
CVE-2026-25574
Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...
CVE-2026-25574
Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...
Payload 安全漏洞
Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.74.0 have a security vulnerability. This vulnerability stems from an insecure direct object reference within the payload-preferences collection. In environments...