CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/01 8:16 p.m.•3 views

CVE-2026-34750

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

6.5CVSS0.00341EPSS

Cvelist•added 2026/04/01 7:51 p.m.•20 views

CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

6.5CVSS0.00341EPSS

Vulnrichment•added 2026/04/01 7:51 p.m.•2 views

CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

6.5CVSS5.8AI score0.00341EPSS

Cvelist•added 2026/04/01 7:49 p.m.•18 views

CVE-2026-34749 Payload has a CSRF Protection Bypass in Authentication Flow

Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forgery CSRF vulnerability exists in the authentication flow. Under certain conditions, the configured CSRF protection could be bypassed, allowing cross-site requests to be made. Th...

5.4CVSS0.00129EPSS

CVE•added 2026/04/01 7:49 p.m.•13 views

CVE-2026-34749

The CVE-2026-34749 entry concerns Payload CMS (headless CMS). A CSRF vulnerability existed in the authentication flow prior to version 3.79.1, where under certain conditions the configured CSRF protection could be bypassed, allowing cross-site requests. The issue has been fixed in version 3.79.1....

5.4CVSS5.7AI score0.00129EPSS

Cvelist•added 2026/04/01 7:48 p.m.•17 views

CVE-2026-34748 @payloadcms/next has Stored XSS in Admin Panel

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting XSS vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another...

8.7CVSS0.00286EPSS

ATTACKERKB•added 2026/04/01 7:48 p.m.•4 views

CVE-2026-34748

8.7CVSS5.8AI score0.00286EPSS

Cvelist•added 2026/04/01 7:45 p.m.•17 views

CVE-2026-34747 Payload has an SQL Injection via Query Handling

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patche...

8.5CVSS0.00317EPSS

Vulnrichment•added 2026/04/01 7:45 p.m.•0 views

CVE-2026-34747 Payload has an SQL Injection via Query Handling

8.5CVSS5.8AI score0.00317EPSS

CVE•added 2026/04/01 7:45 p.m.•8 views

CVE-2026-34747

Payload CMS prior to version 3.79.1 contains an input validation flaw that allows crafting requests to influence SQL query execution in collection data. The vulnerability affects the free, open-source headless CMS (Payload CMS) and arises from improper validation of certain request inputs. This c...

8.5CVSS5.8AI score0.00317EPSS

ATTACKERKB•added 2026/04/01 7:43 p.m.•4 views

CVE-2026-34746

Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery SSRF vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...

7.7CVSS5.9AI score0.00296EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/01 5:42 p.m.•4 views

CVE-2026-34751 Payload has Unvalidated Input in Password Recovery Endpoints

Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of a user who initiates a password reset. This issue...

9.1CVSS5.8AI score0.00306EPSS

Cvelist•added 2026/04/01 5:42 p.m.•19 views

CVE-2026-34751 Payload has Unvalidated Input in Password Recovery Endpoints

9.1CVSS0.00306EPSS

CVE•added 2026/04/01 5:42 p.m.•16 views

CVE-2026-34751

Payload CMS (including @payloadcms/graphql and the core payload) contains a password-recovery flow vulnerability prior to version 3.79.1 that could allow an unauthenticated attacker to act on behalf of a user initiating a password reset. The issue is rated at CVSS v3.1 base score 9.1 (CRITICAL) w...

9.1CVSS5.8AI score0.00306EPSS

RedhatCVE•added 2026/04/01 5:39 p.m.•4 views

CVE-2026-5203

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

5.8CVSS5.5AI score0.00317EPSS

Exploits1References1

NVD•added 2026/04/01 5:28 p.m.•4 views

CVE-2026-34604

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

8.8CVSS0.00372EPSS

Cvelist•added 2026/04/01 4:8 p.m.•28 views

CVE-2026-34603 @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the...

7.1CVSS0.00408EPSS

Vulnrichment•added 2026/04/01 4:8 p.m.•1 views

CVE-2026-34603 @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

7.1CVSS5.8AI score0.00408EPSS