5.4
CVE-2026-34749 - Payload has a CSRF Protection Bypass in Authentication Flow
Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the authentication flow. Under certain conditions, the configured CSRF protection could be bypassed, allowing cross-site requests to be made. Thβ¦
8.7
CVE-2026-34748 - @payloadcms/next has Stored XSS in Admin Panel
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another usβ¦
8.5
CVE-2026-34747 - Payload has an SQL Injection via Query Handling
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patched β¦
6.9
CVE-2026-5311 - D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Acβ¦
7.7
CVE-2026-34746 - Payload has Authenticated SSRF via Upload Functionality
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serveβ¦
7.1
CVE-2026-35000 - ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read
ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. Attackers can exploit thβ¦
2.3
CVE-2026-5199 - Cross Namespace Access via Batch Operation
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow ID(s) and, for signal operations, signal names. This was due to a buβ¦
9.1
CVE-2026-34751 - Payload has Unvalidated Input in Password Recovery Endpoints
Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of a user who initiates a password reset. This issue hβ¦
5.5
CVE-2026-34447 - ONNX: External Data Symlink Traversal
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.
4.7
CVE-2026-34446 - ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on theβ¦