Lucene search
Payloadcms Payload

11 matches found

CVE
added 2022/04/12 4:29 p.m., 117 views

CVE-2022-27952

CVE-2022-27952 corresponds to an arbitrary file upload vulnerability in PayloadCMS v0.15.0. The affected component is PayloadCMS’ file upload module, where crafted SVG files can lead to arbitrary code execution. The provided connected documents confirm the vulnerability and impact but do not supp...

CVSS 9.8, AI score 9.5, EPSS 0.02164

CVE
added 2023/04/26 8:32 p.m., 58 views

CVE-2023-30843

Payload CMS information disclosure vulnerability (CVE-2023-30843) affects versions prior to 1.7.0 where a user with access to documents containing hidden or inaccessible fields could reverse‑engineer those values via brute force. A patch is included in version 1.7.0. A workaround mentioned in sou...

CVSS 7.4, AI score 6.6, EPSS 0.0063

CVE
added 2026/02/24 2:22 p.m., 25 views

CVE-2026-27567

Payload CMS (free, open source headless) prior to v3.75.0 contains an SSRF in external file URL uploads. When processing external URLs, insufficient validation of HTTP redirects can allow an authenticated user with upload permissions (needs a collection with upload enabled and create access) to c...

CVSS 6.5, AI score 5.5, EPSS 0.00288

CVE
added 2026/02/06 9:7 p.m., 23 views

CVE-2026-25544

Payload CMS (free/open-source headless CMS) prior to v3.73.0 is vulnerable to blind SQL injection in JSON and richText queries when using PostgreSQL/SQLite adapters. User input is embedded into SQL without escaping, enabling unauthenticated data disclosure (emails, password reset tokens) and full...

CVSS 9.8, AI score 5.7, EPSS 0.00453

CVE
added 2026/04/01 7:48 p.m., 19 views

CVE-2026-34748

Summary: CVE-2026-34748 affects the Payload CMS project, specifically the @payloadcms/next package. A stored XSS vulnerability existed in the admin panel prior to version 3.78.0, exploitable by an authenticated user with write access to a collection who saves content that would execute in another...

CVSS 8.7, AI score 5.8, EPSS 0.00286

CVE
added 2026/02/06 9:4 p.m., 18 views

CVE-2026-25574

Payload CMS prior to 3.74.0 is affected by a cross-collection IDOR in the payload-preferences internal collection. In multi-auth environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and delete preferences belonging to ...

CVSS 5.4, AI score 5.3, EPSS 0.00193

CVE
added 2026/04/01 5:42 p.m., 17 views

CVE-2026-34751

Payload CMS (including @payloadcms/graphql and the core payload) contains a password-recovery flow vulnerability prior to version 3.79.1 that could allow an unauthenticated attacker to act on behalf of a user initiating a password reset. The issue is rated at CVSS v3.1 base score 9.1 (CRITICAL) w...

CVSS 9.1, AI score 5.8, EPSS 0.00306

CVE
added 2026/04/01 7:49 p.m., 15 views

CVE-2026-34749

The CVE-2026-34749 entry concerns Payload CMS (headless CMS). A CSRF vulnerability existed in the authentication flow prior to version 3.79.1, where under certain conditions the configured CSRF protection could be bypassed, allowing cross-site requests. The issue has been fixed in version 3.79.1....

CVSS 5.4, AI score 5.7, EPSS 0.00129

CVE
added 2026/04/01 7:43 p.m., 13 views

CVE-2026-34746

CVE-2026-34746 concerns Payload CMS, specifically an authenticated Server-Side Request Forgery (SSRF) in the upload functionality present before version 3.79.1. The vulnerability requires an authenticated user with create or update access to an upload-enabled collection and could cause the server...

CVSS 7.7, AI score 5.9, EPSS 0.00296

CVE
added 2026/04/01 7:45 p.m., 9 views

CVE-2026-34747

Payload CMS prior to version 3.79.1 contains an input validation flaw that allows crafting requests to influence SQL query execution in collection data. The vulnerability affects the free, open-source headless CMS (Payload CMS) and arises from improper validation of certain request inputs. This c...

CVSS 8.5, AI score 5.8, EPSS 0.00317

CVE
added 2026/04/01 7:51 p.m., 9 views

CVE-2026-34750

Payload CMS is affected by CVE-2026-34750 due to improper sanitization of filenames in client-upload signed-URL endpoints for storage backends (storage-azure, storage-gcs, storage-r2, storage-s3) prior to version 3.78.0. An attacker could craft filenames to escape the intended storage location. A...

CVSS 6.5, AI score 5.8, EPSS 0.00341