8 matches found

Positive Technologies
added 2026/05/13 12:00 a.m. · 4 views

PT-2026-40835

Name of the Vulnerable Software and Affected Versions: Strapi versions prior to 5.33.3. Description: Changing or resetting a user's password does not invalidate existing refresh-token sessions by default. In the users-permissions and admin authentication controllers, the invalidation process depends...

CVSS 2.1 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 4
NVD
added 2025/10/16 5:15 p.m. · 3 views

CVE-2025-53092

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper...

CVSS 6.5 · EPSS 0.00033
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-1693

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.01713
Exploits 1 · References 3
RedhatCVE
added 2025/05/23 7:43 a.m. · 2 views

CVE-2024-37818

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi Development Community argues that this issue ...

CVSS 8.6 · AI score 8.3 · EPSS 0.00157
Exploits 1 · References 1
Vulnrichment
added 2023/11/06 6:26 p.m. · 11 views

CVE-2023-39345 Unauthorized Access to Private Fields in User Registration API in strapi

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint. As such, malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users...

CVSS 7.6 · AI score 7.4 · EPSS 0.00079
Exploits 1 · References 1
Positive Technologies
added 2023/07/25 12:00 a.m. · 2 views

PT-2023-24666 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi versions prior to 4.10.8 Description: The issue affects the handling of content types by Strapi, allowing anyone to make every attribute of a Content-Type public without knowing it. This can lead to sensitive information being exposed ...

CVSS 7.1 · AI score 6.8 · EPSS 0.00101
Exploits 1 · References 10
Github Security Blog
added 2023/04/19 9:41 p.m. · 40 views

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin

Summary: Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. Details: Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server....

CVSS 10 · AI score 7.1 · EPSS 0.91021
Exploits 2 · References 9 · Affected Software 2
CNNVD
added 2022/07/13 12:00 a.m. · 1 view

Strapi code issue vulnerability

Strapi is an open source content management system (CMS). A code issue vulnerability exists in Strapi v4.1.12, which stems from an unrestricted upload of files and can be exploited by an attacker to execute arbitrary code via a crafted file...

CVSS 8.8 · AI score 8.3 · EPSS 0.02831
Exploits 1 · References 7