delmaredigital CVE Vulnerabilities & CVE List (1)

Products (CPE): — CVEs: 1

delmaredigital vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to delmaredigital, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 11 of 1 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-39397 @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/* CRUD endpoint handlers registered by createPuckPlugin() called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control. The access option passed to createPuckPlugin() and any access rules defined on Puck-registered collections were silently ignored on these endpoints. This vulnerability is fixed in 0.6.23. [email protected] 9.4 0.38% 2026-04-07 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence