Vulnerabilities in payloadcms
10 results

CVE-2023-30843 | HIGH | Payload's hidden fields can be leaked on readable collections | EPSS 0.6%
CVE-2026-25544 | CRITICAL | Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters | EPSS 0.5%
CVE-2026-34750 | MEDIUM | Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints | EPSS 0.3%
CVE-2026-34747 | HIGH | Payload has an SQL Injection via Query Handling | EPSS 0.3%
CVE-2026-34751 | CRITICAL | Payload has Unvalidated Input in Password Recovery Endpoints | EPSS 0.3%
CVE-2026-34746 | HIGH | Payload has Authenticated SSRF via Upload Functionality | EPSS 0.3%
CVE-2026-27567 | MEDIUM | Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads | EPSS 0.3%
CVE-2026-34748 | HIGH | @payloadcms/next has Stored XSS in Admin Panel | EPSS 0.3%
CVE-2026-25574 | MEDIUM | Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments) | EPSS 0.2%
CVE-2026-34749 | MEDIUM | Payload has a CSRF Protection Bypass in Authentication Flow | EPSS 0.1%