Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strapi vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-27665
In Strapi prior to 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.
Strapi Strapi
312
VMScore
CVE-2020-27666
Strapi prior to 3.2.5 has stored XSS in the wysiwyg editor's preview feature.
Strapi Strapi
NA
CVE-2022-31367
Strapi prior to 3.6.10 and 4.x prior to 4.1.10 mishandles hidden attributes within admin API responses.
Strapi Strapi
356
VMScore
CVE-2020-13961
Strapi prior to 3.0.2 could allow a remote authenticated malicious user to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the ema...
Strapi Strapi
641
VMScore
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi before 4.1.0.
Strapi Strapi
NA
CVE-2023-38507
Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack i...
Strapi Strapi
NA
CVE-2023-39345
strapi is an open-source headless CMS. Versions before 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version...
Strapi Strapi
NA
CVE-2023-36472
Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure th...
Strapi Strapi
NA
CVE-2023-34093
Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the a...
Strapi Strapi
NA
CVE-2023-34235
Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as i...
Strapi Strapi
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »