3 matches found
CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...
EUVD-2022-27845
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
quivr is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of URL uploads, allowing users to insert malicious JavaScript payloads. Attackers can use this to execute JavaScript whenever any user clicks on a link containing the payload...