685 matches found

Nuclei
added 19 hours ago

Strapi Versions <=4.5.6 - Authentication Bypass

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that...

CVSS 8.2 | AI score 7.2 | EPSS 0.04158
Exploits 1 | References 4
Nuclei
added 19 hours ago

Strapi Versions <=4.5.5 - SSTI to Remote Code Execution

Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...

CVSS 10 | AI score 7.5 | EPSS 0.76825
Exploits 2 | References 5
EUVD
added yesterday

EUVD-2026-40234

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

CVSS 6.3 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 5
NVD
added 2 days ago

CVE-2026-57997

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

CVSS 6.3 | EPSS 0.00162
Exploits 0 | References 4
CVE
added 2 days ago

CVE-2026-57997

The CVE concerns the Strapi users-permissions plugin where JWT algorithm restrictions are not enforced if plugin::users-permissions.jwt.algorithm is not explicitly configured. This allows the server to accept HS384 and HS512 tokens alongside HS256. An attacker who possesses the jwtSecret can mint...

CVSS 6.3 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2 days ago

CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

CVSS 6.3 | EPSS 0.00162
Exploits 0 | References 4
Positive Technologies
added 2 days ago

PT-2026-53747

Name of the Vulnerable Software and Affected Versions: Strapi users-permissions plugin (affected versions not specified). Description: The users-permissions plugin fails to restrict JSON Web Token (JWT) algorithms when the plugin::users-permissions.jwt.algorithm configuration is not explicitly set. This...

CVSS 6.3 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 8
Nuclei
added 2026/06/16 7:13 a.m.

strapi CMS <3.0.0-beta.17.5 - Admin Password Reset

strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. id: CVE-2019-18818 info: name: strapi CMS 3.0.0-beta.17.5 - Admin Password Reset...

CVSS 9.8 | AI score 8.2 | EPSS 0.97639
Exploits 13 | References 5
GithubExploit
added 2026/06/08 12:55 p.m.

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Automated Exploit - Usage Guide What This S...

CVSS 9.2 | AI score 5.5 | EPSS 0.00612
Exploits 3
RedhatCVE
added 2026/06/05 7:27 p.m.

CVE-2026-22707

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...

CVSS 5.4 | AI score 5.5 | EPSS 0.00195
Exploits 0 | References 1
RedhatCVE
added 2026/06/05 7:18 p.m.

CVE-2026-27886

Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...

CVSS 9.2 | AI score 5.4 | EPSS 0.00612
Exploits 3 | References 1
RedhatCVE
added 2026/06/05 7:14 p.m.

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

CVSS 9.3 | AI score 6.4 | EPSS 0.01178
Exploits 0 | References 1
GithubExploit
added 2026/06/01 1:07 p.m.

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Strapi PoC For authorized security testing o...

CVSS 9.2 | AI score 5.8 | EPSS 0.00612
Exploits 3
Packet Storm News
added 2026/05/25 12:00 a.m.

CVE-2026-27886 Vulnerability Assessment Tool

CVE-2026-27886 is an unauthenticated parameter sanitization bypass in Strapi versions 4.0.0 through 5.36.1 that allows remote, unauthenticated attackers to leak administrator secrets through the public Content API. This tool safely detects whether an instance is vulnerable without performing the...

CVSS 9.2 | AI score 5.8 | EPSS 0.00612
Exploits 3
GithubExploit
added 2026/05/22 7:07 p.m.

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Vulnerability Assessment Tool Safely detect wh...

CVSS 9.2 | AI score 5.8 | EPSS 0.00612
Exploits 3
Veracode
added 2026/05/16 5:20 a.m.

Information Disclosure

strapi/strapi is vulnerable to information disclosure. The vulnerability is due to insufficient sanitization of relational query parameters in the where filter, which allows an unauthenticated attacker to perform a boolean-oracle attack against restricted adminusers table fields and potentially...

CVSS 9.2 | AI score 5.8 | EPSS 0.00612
Exploits 3 | References 2 | Affected Software 1
RedhatCVE
added 2026/05/16 1:56 a.m.

CVE-2025-64526

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...

CVSS 6.9 | AI score 6 | EPSS 0.00492
Exploits 0 | References 1
NVD
added 2026/05/14 7:16 p.m.

CVE-2026-27886

Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...

CVSS 9.2 | EPSS 0.00612
Exploits 3 | References 1
NVD
added 2026/05/14 7:16 p.m.

CVE-2026-22707

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...

CVSS 5.4 | EPSS 0.00195
Exploits 0 | References 1
NVD
added 2026/05/14 7:16 p.m.

CVE-2026-22706

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions by default. The refresh-token invalidation step in the users-permissions and admin authentication...

CVSS 6.5 | EPSS 0.00272
Exploits 0 | References 1