3509 matches found

Cvelist
added 2026/01/27 8:54 p.m. | 18 views

CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVSS 9.1 | EPSS 0.0042
Exploits: 1 | References: 1
ATTACKERKB
added 2026/01/27 8:54 p.m. | 4 views

CVE-2026-24736

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/01/27 8:54 p.m. | 18 views

CVE-2026-24736

Squidex (up to 7.21.0) is vulnerable to a Server-Side Request Forgery (SSRF) in the Webhook configuration. The url parameter used by Rules engine webhooks does not validate destination IPs, allowing local addresses (e.g., 127.0.0.1, localhost). When a rule triggers, the backend makes an HTTP requ...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2026/01/27 8:54 p.m. | 6 views

CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/27 8:54 p.m. | 4 views

CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/27 12:00 a.m. | 4 views

PT-2026-5022

Name of the Vulnerable Software and Affected Versions: Squidex versions up to and including 7.21.0. Description: Squidex is an open source headless content management system and content management hub. Versions up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules...

CVSS 9.1 | AI score 6 | EPSS 0.0042
Exploits: 1 | References: 9
CNNVD
added 2026/01/27 12:00 a.m. | 5 views

Squidex code-related vulnerabilities

Squidex is an open-source content management system developed by Squidex. Versions of Squidex 7.21.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient validation of URL parameters in Webhook configurations, or lack of restrictions on the target IP address, whic...

CVSS 9.1 | AI score 5.9 | EPSS 0.0042
Exploits: 1 | References: 2
OSV
added 2026/01/26 8:16 p.m. | 2 views

CVE-2025-9522

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.3 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2
NVD
added 2026/01/26 8:16 p.m. | 5 views

CVE-2025-9522

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.3 | EPSS 0.00243
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/26 7:35 p.m. | 5 views

CVE-2025-9522 Blind Server-Side Request Forgery (SSRF) in Omada Controller

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.1 | AI score 5.3 | EPSS 0.00243
Exploits: 0 | References: 2
Cvelist
added 2026/01/26 7:35 p.m. | 19 views

CVE-2025-9522 Blind Server-Side Request Forgery (SSRF) in Omada Controller

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.1 | EPSS 0.00243
Exploits: 0 | References: 2
EUVD
added 2026/01/26 7:35 p.m. | 5 views

EUVD-2025-206347

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.1 | AI score 5.9 | EPSS 0.00243
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/26 7:35 p.m. | 5 views

CVE-2025-9522

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

CVSS 5.1 | AI score 5.9 | EPSS 0.00243
Exploits: 0 | References: 3
CVE
added 2026/01/26 7:35 p.m. | 13 views

CVE-2025-9522

Technical details about CVE-2025-9522 are not publicly provided in the supplied documents; no affected versions or remediation are disclosed. Monitor for updates.

CVSS 5.3 | AI score 5.9 | EPSS 0.00243
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/01/26 2:39 p.m. | 5 views

BIT-HARBOR-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...

CVSS 7.7 | AI score 5.9 | EPSS 0.00488
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/26 12:00 a.m. | 5 views

PT-2026-4810

Name of the Vulnerable Software and Affected Versions: Omada Controllers (affected versions not specified). Description: A flaw exists in Omada Controllers related to the webhook functionality, allowing for Blind Server-Side Request Forgery (SSRF). This issue enables crafted requests to be sent to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 7
CNNVD
added 2026/01/26 12:00 a.m. | 3 views

TP-Link Omada controllers have security vulnerabilities

TP-Link Omada Controllers are a series of centralized management platforms developed by TP-Link Corporation. The TP-Link Omada Controllers have security vulnerabilities, which stem from the webhook function’s vulnerability involving forged server-side requests, potentially leading to information...

CVSS 5.3 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 3
Microsoft Secure
added 2026/01/23 8:57 p.m. | 10 views

From runtime risk to real‑time defense: Securing AI agents

AI agents, whether developed in Microsoft Copilot Studio or on alternative platforms, are becoming a powerful means for organizations to create custom solutions designed to enhance productivity and automate organizational processes by seamlessly integrating with internal data and systems. From a...

AI score 6.6
Exploits: 0
Wordfence Blog
added 2026/01/22 2:50 p.m. | 23 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 12, 2026 to January 18, 2026)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 10 | AI score 8.6 | EPSS 0.18911
Exploits: 15
RedhatCVE
added 2026/01/21 1:32 a.m. | 13 views

CVE-2025-14978

The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ConvesioPay webhook REST endpoint in all versions up to, and including,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00219
Exploits: 0 | References: 1