Lucene search
K

118 matches found

Nuclei
Nuclei
added 13 hours ago39 views

Squidex <7.4.0 - Cross-Site Scripting

Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2023-24278 info: name: Squidex 7.4....

6.1CVSS6.4AI score0.02908EPSS
Exploits2References4
NVD
NVD
added 2026/06/29 8:17 p.m.7 views

CVE-2026-31016

Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the IdentityServer account profile endpoint...

6.5CVSS0.00186EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:0 a.m.15 views

CVE-2026-31016

CVE-2026-31016 is a Cross Site Request Forgery vulnerability affecting Squidex.io Squidex CMS up to version 7.21.0 (and earlier). The issue enables a remote attacker to escalate privileges via the IdentityServer account profile endpoint. The vulnerability is documented with a CVSS v3.1 base score...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53694

Name of the Vulnerable Software and Affected Versions Squidex.io Squidex CMS versions prior to 7.21.0 Description A Cross Site Request Forgery CSRF issue allows a remote attacker to escalate privileges. This is achieved by targeting the IdentityServer account profile endpoint, which is a specific...

6.5CVSS6AI score0.00186EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41170

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

8.5CVSS5.6AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41172

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS5.6AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41171

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery SSRF vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc.. An authenticate...

8.6CVSS5.6AI score0.00215EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/25 8:50 p.m.128 views

Exploit for CVE-2026-41177

CVE-2026-41177: Squidex CMS Blind SSRF Technical research and...

5.5CVSS5.6AI score0.00329EPSS
Exploits1
NVD
NVD
added 2026/04/22 10:16 p.m.6 views

CVE-2026-41171

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery SSRF vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc.. An authenticate...

8.6CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 10:16 p.m.9 views

CVE-2026-41172

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 10:16 p.m.3 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS0.00329EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/22 9:24 p.m.4 views

CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.8AI score0.00329EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:24 p.m.7 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.8AI score0.00329EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/22 9:24 p.m.5 views

EUVD-2026-25110

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.8AI score0.00329EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/22 9:24 p.m.33 views

CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS0.00329EPSS
Exploits1References2
CVE
CVE
added 2026/04/22 9:24 p.m.20 views

CVE-2026-41177

CVE-2026-41177 — Squidex Restore API Blind SSRF : The Restore API in Squidex (pre-7.23.0) fails to validate the URI scheme of the user-supplied Url parameter, allowing an authenticated administrator to trigger the backend to access the local filesystem via a file:// URL. This can lead to Local Fi...

5.5CVSS5.8AI score0.00329EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:22 p.m.6 views

CVE-2026-41172

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/22 9:22 p.m.12 views

EUVD-2026-25106

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 9:22 p.m.4 views

CVE-2026-41172 Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 9:22 p.m.34 views

CVE-2026-41172 Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS0.00215EPSS
Exploits0References2
Rows per page
Query Builder