Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/16 1:56 a.m.10 views

CVE-2025-64526

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...

6.9CVSS6AI score0.00492EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.11 views

CVE-2025-64526

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...

6.9CVSS0.00492EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/14 6:32 p.m.47 views

CVE-2025-64526 Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...

6.9CVSS0.00492EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 6:32 p.m.17 views

EUVD-2025-209860

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...

6.9CVSS6AI score0.00492EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 6:32 p.m.43 views

CVE-2025-64526

CVE-2025-64526 (Strapi) affects the @strapi/plugin-users-permissions rate-limiting key construction. In Strapi versions prior to 5.45.0, the rate-limit middleware used the request body’s email field as part of the rate-limit key (userIdentifier = ctx.request.body.email), even on routes where the ...

6.9CVSS6AI score0.00492EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40833

Name of the Vulnerable Software and Affected Versions Strapi versions prior to 5.45.0 Description The rate-limit middleware in the users-permissions plugin incorrectly derives its rate-limit key using ctx.request.body.email, even on routes where the body schema does not require an email field, su...

6.9CVSS6AI score0.00492EPSS
Exploits0References8
Rows per page
Query Builder