Lucene search
+L

4 matches found

Circl
Circl
added 2026/04/01 6:29 p.m.5 views

CVE-2026-34751

creationtimestamp| type| source ---|---|--- 2026-04-01 18:29:32+00:00| seen| https://bsky.app/profile/flarestart.bsky.social/post/3mihd3wxy7w2m 2026-04-01 21:20:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mihmn3nyzl2g 2026-04-02 05:26:16+00:00| seen|...

9.1CVSS4.8AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 5:42 p.m.3 views

CVE-2026-34751 Payload has Unvalidated Input in Password Recovery Endpoints

Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of a user who initiates a password reset. This issue...

9.1CVSS5.9AI score0.00306EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 5:42 p.m.22 views

CVE-2026-34751

Payload CMS (including @payloadcms/graphql and the core payload) contains a password-recovery flow vulnerability prior to version 3.79.1 that could allow an unauthenticated attacker to act on behalf of a user initiating a password reset. The issue is rated at CVSS v3.1 base score 9.1 (CRITICAL) w...

9.1CVSS5.8AI score0.00306EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/01 4:8 p.m.9 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +25 more potentially affected by CVE-2026-34751 via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.79.0)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.0.6, =0.1.2, =1.0.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.54, =1.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2026-34751 Source advisory: OSV:GHSA-HP5W-3HXX-VMWF...

9.1CVSS5.8AI score0.00306EPSS
Exploits0
Rows per page
Query Builder