7 matches found
CVE-2026-31016
CVE-2026-31016 is a Cross-Site Request Forgery vulnerability affecting Squidex.io Squidex CMS up to version 7.21.0 (and earlier). The issue enables a remote attacker to escalate privileges via the IdentityServer account profile endpoint. The vulnerability is documented with a CVSS v3.1 base score...
CVE-2026-41171
Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc. An authenticate...
CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...
EUVD-2026-4742
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...
EUVD-2023-50481
Malicious code in bioql PyPI...
EUVD-2023-50482
Malicious code in bioql PyPI...
CVE-2023-46744 Stored Cross-site Scripting in Squidex
Squidex is an open source headless CMS and content management hub. In affected versions, a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism, intended to stop XSS attacks through uploaded SVG images, is insufficien...