Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2026/04/01 10:26 p.m.12 views

@ainsleydev/payload-helper (>=0.0.16 <=0.0.20), @contentql/core (>=0.1.2 <=0.3.5) +2 more potentially affected by CVE-2026-34750 via @payloadcms/storage-s3 (>=3.0.0-beta.111 <=3.0.0-beta.91)

@payloadcms/storage-s3 NPM version =3.0.0-beta.111, =0.0.16, =0.1.2, =0.1.0, =0.1.4, =0.1.5 Source cves: CVE-2026-34750 Source advisory: SNYK:JS-PAYLOADCMSSTORAGES3-15873860...

6.5CVSS5.8AI score0.00341EPSS
Exploits0
Snyk
Snyk
added 2026/04/01 10:26 p.m.3 views

Directory Traversal

Overview @payloadcms/storage-s3 is a Payload storage adapter for Amazon S3 Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intended...

7.1CVSS6.5AI score0.00341EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/01 9:44 p.m.6 views

@ainsleydev/payload-helper (>=0.0.16 <=0.0.20), @contentql/core (>=0.1.2 <=0.3.5) +2 more potentially affected by CVE-2026-34750 via @payloadcms/storage-s3 (>=3.0.0-beta.111 <=3.0.0-beta.91)

@payloadcms/storage-s3 NPM version =3.0.0-beta.111, =0.0.16, =0.1.2, =0.1.0, =0.1.4, =0.1.5 Source cves: CVE-2026-34750 Source advisory: OSV:GHSA-FRQ9-7J6G-V74X...

6.5CVSS5.8AI score0.00341EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/01/31 2:13 p.m.7 views

@aaa-backend-stack/file-storage-local (>=1.16.0 <=2.4.4), @aaa-backend-stack/file-storage-s3 (>=1.16.0 <=2.4.4) +602 more potentially affected by unknown CVE via zxcvbn (>=2.0.1 <=4.4.2)

zxcvbn NPM version =2.0.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.1, =1.0.0, =0.0.9, =1.7.7, =2.0.6, =0.0.5, =2.0.10 - @abler/ats-front-resources-api =1.1.10 and more Source cves: unknown CVE Source advisory: SNYK:JS-ZXCVBN-3257741...

5.7AI score
Exploits0
Rows per page
Query Builder