
| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2023-09-15 | CVE-2023-38507 | Unspecified vulnerability in Strapi | Strapi is an open-source headless content management system. | network; low complexity; strapi; critical; 9.8 |
| 2022-04-12 | CVE-2022-27263 | Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.5 | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | network; low complexity; strapi; CWE-434; critical; 9.8 |
| 2020-10-22 | CVE-2020-27664 | Unspecified vulnerability in Strapi | admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | network; low complexity; strapi; critical; 9.8 |
| 2019-11-07 | CVE-2019-18818 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Strapi | Strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. | network; low complexity; strapi; CWE-640; critical; 9.8 |