Headless CMS

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE Strapi CMS Vulnerabilities CVE-2026-27886 Admin Takeover

Strapi CMS Vulnerabilities CVE-2026-27886 Admin Takeover

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE

Ddos May 18, 2026

A pair of severe vulnerabilities discovered in Strapi, the widely used open-source headless Content Management System (CMS),...

Password Hijack in the Modern Stack: Payload CMS Patches Critical 9.1 CVSS Reset Flaw Payload CMS Vulnerability CVE-2026-34751

Payload CMS Vulnerability CVE-2026-34751

Password Hijack in the Modern Stack: Payload CMS Patches Critical 9.1 CVSS Reset Flaw

Ddos April 3, 2026

The rapid-growth, fullstack Next.js framework Payload—known for giving developers “instant backend superpowers” —is facing a serious security...

CVE-2026-25544: Critical Payload CMS SQLi (CVSS 9.8) Exposes Admin Tokens Payload CMS Vulnerability CVE-2026-25544

Payload CMS Vulnerability CVE-2026-25544

CVE-2026-25544: Critical Payload CMS SQLi (CVSS 9.8) Exposes Admin Tokens

Ddos February 10, 2026

A massive security hole has been blown open in Payload, the popular “Next.js native CMS” designed to...