11 matches found
CVE-2022-27952
CVE-2022-27952 corresponds to an arbitrary file upload vulnerability in PayloadCMS v0.15.0. The affected component is PayloadCMS’ file upload module, where crafted SVG files can lead to arbitrary code execution. The provided connected documents confirm the vulnerability and impact but do not supp...
CVE-2023-30843
Payload CMS information disclosure vulnerability (CVE-2023-30843) affects versions prior to 1.7.0 where a user with access to documents containing hidden or inaccessible fields could reverse‑engineer those values via brute force. A patch is included in version 1.7.0. A workaround mentioned in sou...
CVE-2026-27567
Payload CMS (free, open source headless) prior to v3.75.0 contains an SSRF in external file URL uploads. When processing external URLs, insufficient validation of HTTP redirects can allow an authenticated user with upload permissions (needs a collection with upload enabled and create access) to c...
CVE-2026-25544
Payload CMS (free/open-source headless CMS) prior to v3.73.0 is vulnerable to blind SQL injection in JSON and richText queries when using PostgreSQL/SQLite adapters. User input is embedded into SQL without escaping, enabling unauthenticated data disclosure (emails, password reset tokens) and full...
CVE-2026-34748
Summary: CVE-2026-34748 affects the Payload CMS project, specifically the @payloadcms/next package. A stored XSS vulnerability existed in the admin panel prior to version 3.78.0, exploitable by an authenticated user with write access to a collection who saves content that would execute in another...
CVE-2026-25574
Payload CMS prior to 3.74.0 is affected by a cross-collection IDOR in the payload-preferences internal collection. In multi-auth environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and delete preferences belonging to ...
CVE-2026-34751
Payload CMS (including @payloadcms/graphql and the core payload) contains a password-recovery flow vulnerability prior to version 3.79.1 that could allow an unauthenticated attacker to act on behalf of a user initiating a password reset. The issue is rated at CVSS v3.1 base score 9.1 (CRITICAL) w...
CVE-2026-34749
The CVE-2026-34749 entry concerns Payload CMS (headless CMS). A CSRF vulnerability existed in the authentication flow prior to version 3.79.1, where under certain conditions the configured CSRF protection could be bypassed, allowing cross-site requests. The issue has been fixed in version 3.79.1....
CVE-2026-34746
CVE-2026-34746 concerns Payload CMS, specifically an authenticated Server-Side Request Forgery (SSRF) in the upload functionality present before version 3.79.1. The vulnerability requires an authenticated user with create or update access to an upload-enabled collection and could cause the server...
CVE-2026-34747
Payload CMS prior to version 3.79.1 contains an input validation flaw that allows crafting requests to influence SQL query execution in collection data. The vulnerability affects the free, open-source headless CMS (Payload CMS) and arises from improper validation of certain request inputs. This c...
CVE-2026-34750
Payload CMS is affected by CVE-2026-34750 due to improper sanitization of filenames in client-upload signed-URL endpoints for storage backends (storage-azure, storage-gcs, storage-r2, storage-s3) prior to version 3.78.0. An attacker could craft filenames to escape the intended storage location. A...