diff --git a/README.md b/README.md index 515ad9c..5b45fb4 100644 --- a/README.md +++ b/README.md 
@@ -227,8 +227,11 @@ CVE Lite CLI has been evaluated against real open-source projects to verify that - [CamoFox Browser](https://owasp.org/cve-lite-cli/docs/case-studies/camofox-browser) — verified baseline scan of an AI agent browser automation npm graph (435 packages, 2 findings at revision `ce3a3b0`) with dual `qs` fix strategies — within-range `npm update qs` and parent `npm install express@4.22.2` - [Storybook](https://owasp.org/cve-lite-cli/docs/case-studies/storybook) — verified baseline scan of a Yarn Berry monorepo (3,008 packages, 92 findings at revision `cc19ae1`) spanning cross-framework sandbox templates, five critical transitive chains, and one direct vite fix command - [Twenty](https://owasp.org/cve-lite-cli/docs/case-studies/twenty) — verified baseline scan of an open-source CRM Yarn Berry monorepo (5,451 packages, 105 findings at revision `fc90b4b`) with 0 direct findings, six critical test-stack chains, and four Nx parent-upgrade command groups +- [Strapi](https://owasp.org/cve-lite-cli/docs/case-studies/strapi) — verified baseline scan of a headless CMS Yarn Berry monorepo (2,887 packages, 18 findings) with two direct findings (`lodash`, `qs`) and mixed transitive remediation paths +- [Payload CMS](https://owasp.org/cve-lite-cli/docs/case-studies/payload) — verified baseline scan of a TypeScript-first headless CMS pnpm monorepo (2,602 packages, 18 findings) with one direct finding and workspace-scoped fix commands +- [Presenton](https://owasp.org/cve-lite-cli/docs/case-studies/presenton) — verified baseline scan of an AI presentation generator with dual npm lockfiles (root + Electron shell), demonstrating multi-lockfile coverage across 9 findings -In-repo lockfile fixtures for Astro, Turborepo, Visual Studio Code, Gatsby, Vercel AI SDK, Mastra, Lit, LangChain.js, OpenAI Agents JS, n8n, CamoFox Browser, Storybook, and Twenty live under [`examples/`](examples/readme.md) — clone the repo and scan immediately without downloading full upstream 
checkouts. +In-repo lockfile fixtures for Astro, Turborepo, Visual Studio Code, Gatsby, Vercel AI SDK, Mastra, Lit, LangChain.js, OpenAI Agents JS, n8n, CamoFox Browser, Storybook, Twenty, Strapi, Payload CMS, and Presenton live under [`examples/`](examples/readme.md) — clone the repo and scan immediately without downloading full upstream checkouts. These are not demos. They are documented scans against real codebases with real findings, recorded before and after applying fix commands. diff --git a/examples/readme.md b/examples/readme.md index eda5efd..3bc2bbd 100644 --- a/examples/readme.md +++ b/examples/readme.md @@ -155,7 +155,9 @@ Full project clones used for real-world testing. Not committed to this repo — | `juice-shop` | npm | https://github.com/juice-shop/juice-shop | Large real-world project (OWASP Juice Shop) with broad vulnerability surface. | | `ghost` | pnpm | https://github.com/TryGhost/Ghost | Professional publishing platform — 26 transitive vulnerabilities in 4,447 packages including critical XSS in sanitize-html. | | `prisma` | pnpm | https://github.com/prisma/prisma | TypeScript ORM — real-world pnpm monorepo scan. | -| `strapi` | yarn | https://github.com/strapi/strapi | Headless CMS — real-world Yarn lockfile scan. | +| `strapi` | Yarn Berry | https://github.com/strapi/strapi | Headless CMS monorepo — 2,887 packages, 2 direct findings (`lodash`, `qs`). | +| `payload` | pnpm | https://github.com/payloadcms/payload | TypeScript-first headless CMS — 2,602 packages, 1 direct finding, workspace-scoped remediation. | +| `presenton` | npm (dual) | https://github.com/presenton/presenton | AI presentation generator — dual lockfiles (root + Electron), 9 findings. | ## Usage diff --git a/website/docs/case-studies/index.md b/website/docs/case-studies/index.md index 6893632..411dbbe 100644 --- a/website/docs/case-studies/index.md +++ b/website/docs/case-studies/index.md 
@@ -21,7 +21,10 @@ CVE Lite CLI is an [OWASP Incubator Project](https://owasp.org/cve-lite-cli/). | [Lit](./lit.md) | npm | Web components reference implementation — 2,059 packages, 3 direct rollup findings with workspace-scoped fix commands, 5 critical transitive | | [NestJS](./nestjs.md) | npm | 26 findings, 25 transitive - CVE Lite surfaces the one actionable direct fix | | [OWASP Juice Shop](./owasp-juice-shop.md) | npm | Multiple critical/high direct findings with copy-and-run fix commands | +| [Payload CMS](./payload.md) | pnpm | TypeScript-first headless CMS — 2,602 packages, 1 direct finding, workspace-scoped remediation | +| [Presenton](./presenton.md) | npm (dual lockfile) | AI presentation generator — dual npm lockfiles (root + Electron), 9 findings, 5 fix groups | | [Storybook](./storybook.md) | npm | Frontend tooling, large dependency graph | +| [Strapi](./strapi.md) | Yarn Berry | Headless CMS monorepo — 2,887 packages, 2 direct findings (`lodash`, `qs`), 15 transitive | | [VS Code](./vscode.md) | npm | `@anthropic-ai/sdk@0.81/0.82` as direct Copilot dependencies | | [Analog](./analog.md) | pnpm | Angular meta-framework monorepo, pnpm workspace scanning | | [Astro](./astro.md) | pnpm | Large pnpm monorepo with verified baseline scan documentation | diff --git a/website/sidebars.ts b/website/sidebars.ts index 76b8125..279fa05 100644 --- a/website/sidebars.ts +++ b/website/sidebars.ts @@ -75,7 +75,10 @@ const sidebars: SidebarsConfig = { 'case-studies/openai-agents-js', 'case-studies/n8n', 'case-studies/camofox-browser', + 'case-studies/payload', + 'case-studies/presenton', 'case-studies/storybook', + 'case-studies/strapi', 'case-studies/twenty', ], },
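Review bot: In the README hunk, the three new case-study bullets drop the revision pin that the surrounding entries carry (`ce3a3b0`, `cc19ae1`, `fc90b4b`), and the Presenton bullet also omits the package count. A "verified baseline scan" is only reproducible against a fixed commit, so please append the scanned revision in the same form, e.g. `(2,887 packages, 18 findings at revision `<sha>`)` for Strapi and likewise for Payload CMS and Presenton.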
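Review bot: In the examples/readme.md hunk, the ecosystem column becomes inconsistent: the `strapi` row changes from `yarn` to `Yarn Berry` (capitalised) while every other row uses lowercase `npm`/`pnpm`, and `presenton` is labelled `npm (dual)` here but `npm (dual lockfile)` in the case-studies index. Pick one spelling per value and use it in both tables. Also note this table is introduced as "Full project clones ... Not committed to this repo", whereas the README hunk states that in-repo lockfile fixtures for Strapi, Payload CMS and Presenton live under `examples/`; the hunk does not show the in-repo fixture listing being updated, so please confirm those three fixtures are listed there as well.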
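Review bot: In the case-studies index hunk, the Strapi row reports `2 direct findings` and `15 transitive`, which totals 17, but the README hunk reports `18 findings` for the same 2,887-package scan. One of the two numbers is wrong or a finding is being counted differently; please reconcile them before merge. The Presenton row also introduces `5 fix groups`, a figure that appears nowhere in the README entry; either add it there too or drop it here so the summaries agree.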
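Review bot: In the sidebars.ts hunk, the new ids `case-studies/payload`, `case-studies/presenton` and `case-studies/strapi` reference doc pages, but this diff touches only README.md, examples/readme.md, the case-studies index and sidebars.ts; no `payload.md`, `presenton.md` or `strapi.md` is added. Docusaurus fails the build on a sidebar id with no matching doc, so please confirm those three pages are part of this change (or already on the branch) before merging.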