Vulnerabilities > Strapi > Strapi > 3.2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-29181 | Authorization Bypass Through User-Controlled Key vulnerability in Strapi Strapi is an open-source content management system. | 3.5 |
| 2024-06-12 | CVE-2024-31217 | Unspecified vulnerability in Strapi Strapi is an open-source content management system. | 6.5 |
| 2024-06-12 | CVE-2024-34065 | Authentication Bypass by Capture-replay vulnerability in Strapi Strapi is an open-source content management system. | 8.1 |
| 2023-09-15 | CVE-2023-38507 | Unspecified vulnerability in Strapi Strapi is the an open-source headless content management system. | 9.8 |
| 2023-09-15 | CVE-2023-36472 | Unspecified vulnerability in Strapi Strapi is an open-source headless content management system. | 5.7 |
| 2023-09-15 | CVE-2023-37263 | Unspecified vulnerability in Strapi Strapi is the an open-source headless content management system. | 2.7 |
| 2023-07-25 | CVE-2023-34235 | Unspecified vulnerability in Strapi Strapi is an open-source headless content management system. | 7.5 |
| 2023-07-25 | CVE-2023-34093 | Unspecified vulnerability in Strapi Strapi is an open-source headless content management system. | 7.1 |
| 2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |
| 2023-04-19 | CVE-2023-22893 | Improper Authentication vulnerability in Strapi Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | 7.5 |