pkg:npm/studiocms

All known vulnerabilities

• HIGH8.8CVE-2026-30944StudioCMS has Privilege Escalation via Insecure API Token Generation
  from 0, < 0.4.0
• HIGH7.1CVE-2026-30945StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
  from 0, < 0.4.0
• MEDIUM6.8CVE-2026-32103StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation
  from 0, < 0.4.3
• MEDIUM6.5StudioCMS has Authorization Bypass Through User-Controlled Key
  from 0, < 0.2.0
• MEDIUM5.4StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings
  from 0, < 0.4.3
• MEDIUM4.7StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
  from 0, < 0.4.3
• LOW2.7StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens
  from 0, < 0.4.4