CVE-2026-34751 | payloadcms payload up to 3.79.0 Password Reset external control of assumed-immutable web parameter (GHSA-hp5w-3hxx-vmwf)

Inserito da Angelo Barbosa | Apr 1, 2026 | CVE

A vulnerability, which was classified as critical, was found in payloadcms payload up to 3.79.0. This impacts an unknown function of the component Password Reset Handler. Executing a manipulation can lead to external control of assumed-immutable web parameter.

This vulnerability appears as CVE-2026-34751. The attack may be performed from remote. There is no available exploit.

You should upgrade the affected component.

CVE-2026-34751 | payloadcms payload up to 3.79.0 Password Reset external control of assumed-immutable web parameter (GHSA-hp5w-3hxx-vmwf)

Post correlati

CVE-2025-53658 | Applitools Eyes Plugin up to 1.16.5 on Jenkins cross site scripting

CVE-2024-6278 | lahirudanushka School Management System 1.0.0/1.0.1 Subject Page subject.php update sql injection

CVE-2025-5376 | SourceCodester Health Center Patient Record Management System 1.0 /patient.php itr_no sql injection

CVE-2024-26279 | Joomla CMS up to 3.10.14/4.4.2/5.0.2 cross site scripting