Strapi Exposure
CMS
Exposure score: 14
Sites using it: 20
Under exploitation: 0
Critical: 2
CVEs
23 results
CVE-2022-30617 | — | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, fo | EPSS 1.3%
CVE-2026-22599 | CRITICAL | Strapi Vulnerable to SQL Injection in Content Type Builder | EPSS 1.2%
CVE-2020-8123 | — | A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arb | EPSS 1.1%
CVE-2023-34235 | HIGH | Leaking sensitive user information still possible by filtering on private with prefix fields | EPSS 0.9%
CVE-2022-30618 | — | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, fo | EPSS 0.9%
CVE-2023-38507 | HIGH | Strapi Improper Rate Limiting vulnerability | EPSS 0.8%
CVE-2024-31217 | MEDIUM | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling | EPSS 0.7%
CVE-2024-34065 | HIGH | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass | EPSS 0.7%
CVE-2022-29894 | — | Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerabi | EPSS 0.7%
CVE-2025-3930 | MEDIUM | Lack of JWT Expiration after Log Out in Strapi | EPSS 0.6%
CVE-2026-27886 | CRITICAL | Strapi may leak sensitive data via relational filtering due to lack of query sanitization | EPSS 0.6%
CVE-2023-34093 | MEDIUM | Strapi allows actors to make all attributes on a content-type public without noticing it | EPSS 0.6%
CVE-2023-36472 | MEDIUM | Strapi may leak sensitive user information, user reset password, tokens via content-manager views | EPSS 0.6%
CVE-2023-37263 | MEDIUM | Strapi's field level permissions not being respected in relationship title | EPSS 0.5%
CVE-2023-39345 | HIGH | Unauthorized Access to Private Fields in User Registration API in strapi | EPSS 0.5%
CVE-2025-64526 | MEDIUM | Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying | EPSS 0.5%
CVE-2024-52588 | MEDIUM | Strapi allows Server-Side Request Forgery in Webhook function | EPSS 0.5%
CVE-2024-29181 | LOW | @strapi/plugin-content-manager leaks data via relations via the Admin Panel | EPSS 0.4%
CVE-2024-56143 | HIGH | Strapi Allows Unauthorized Access to Private Fields via parms.lookup | EPSS 0.4%
CVE-2025-25298 | MEDIUM | Missing Maximum Password Length Validation in Strapi Password Hashing | EPSS 0.4%