Filters
npm/strapi-plugin-protected-populateStrapi Protected Populate Plugin leaking fields if the request fields where empty or only fields selected where not populatable
5.3
First published (updated )
npm/@strapi/strapiUnauthorized Access to Private Fields in User Registration API in strapi
7.6
First published (updated )
npm/@strapi/plugin-users-permissionsStrapi Improper Rate Limiting vulnerability
9.8
First published (updated )
Strapi StrapiStrapi's field level permissions not being respected in relationship title
6.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiStrapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the A…
7.5
First published (updated )
Strapi StrapiStrapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user de…
7.5
First published (updated )
Strapi StrapiStrapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploite…
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiAn authenticated user with access to the Strapi admin panel can view private and sensitive data, suc…
7.5
First published (updated )
Strapi StrapiAn authenticated user with access to the Strapi admin panel can view private and sensitive data, suc…
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiStoring passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6…
7.5
First published (updated )
Strapi StrapiArbitrary Command Injection in strapi/strapi
7.2
First published (updated )
Strapi StrapiIn Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering …
8.1
First published (updated )
npm/strapiadmin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?u…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiIn Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-buil…
7.5
First published (updated )
Strapi StrapiA denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin co…
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi Strapistrapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Au…
9.8
First published (updated )