| CVE-2026-22706 | medium | 6.5 | 6.5 | 14d ago | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions |
| CVE-2025-64526 | medium | 5.3 | 5.3 | 14d ago | Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying |
| CVE-2024-34065 | unknown | — | — | 2y ago | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass |
| CVE-2023-39345 | unknown | — | — | 3y ago | Unauthorized Access to Private Fields in User Registration API |
| CVE-2023-38507 | unknown | — | — | 3y ago | Strapi Improper Rate Limiting vulnerability |
| CVE-2023-22621 | unknown | — | — | 3y ago | Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin |
| CVE-2023-22893 | unknown | — | — | 3y ago | Strapi does not verify the access or ID tokens issued during the OAuth flow |