Vulners
Lucene search
2 matches found
CVE-2025-64526 Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...
6.9CVSS0.00492EPSS
Exploits0References4
EUVD-2025-209860
Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...
6.9CVSS6AI score0.00492EPSS
Exploits0References4
20