VIR Vulnerability Intelligence Relay

Package impact

npm NPM / @strapi/plugin-users-permissions

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-22706 medium 6.5 6.5 14d ago Strapi: Password Reset Does Not Revoke Existing Refresh Sessions npm
CVE-2025-64526 medium 5.3 5.3 14d ago Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying npm