VIR Vulnerability Intelligence Relay

Package impact

npm npm / @delmaredigital/payload-puck

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-39397 unknown 2mo ago @delmaredigital/payload-puc is missing authorization on /api/puck/* CRUD endpoints allows unauthenticated access to Puck-registered collections