102 matches found
GHSA-6R7F-Q7F5-WPX8 Payload has Authenticated SSRF via Upload Functionality
Impact: An authenticated Server-Side Request Forgery (SSRF) vulnerability existed in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. Consumers are affected if ALL of...
CVE-2026-34746
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...
CVE-2026-34746 Payload has Authenticated SSRF via Upload Functionality
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...
EUVD-2020-2568
Malware in sbrugna...
EUVD-2020-4565
Malware in sbrugna...
EUVD-2008-4112
Malware in sbrugna...
EUVD-2019-8773
Malware in sbrugna...
EUVD-2007-4629
Malware in sbrugna...
EUVD-2024-27288
Malicious code in bioql PyPI...
EUVD-2025-1698
Malicious code in bioql PyPI...
EUVD-2022-31160
Malicious code in bioql PyPI...
EUVD-2022-30417
Malicious code in bioql PyPI...
EUVD-2025-22860
Malicious code in bioql PyPI...
EUVD-2022-41449
Malicious code in bioql PyPI...
EUVD-2025-6177
Malicious code in bioql PyPI...
CVE-2025-50688
A command injection vulnerability exists in TwistedWeb version 14.0.0 due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted HTTP PUT request to upload a malicious file (e.g., a reverse shell script). Once...
CVE-2025-27801
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...
CVE-2024-23734
Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link...
CVE-2023-4817
This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device...