Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.7 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.4AI score0.00329EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:24 p.m.7 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.8AI score0.00329EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 9:24 p.m.4 views

CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.8AI score0.00329EPSS
Exploits1References2
CVE
CVE
added 2026/04/22 9:24 p.m.14 views

CVE-2026-41177

CVE-2026-41177 — Squidex Restore API Blind SSRF : The Restore API in Squidex (pre-7.23.0) fails to validate the URI scheme of the user-supplied Url parameter, allowing an authenticated administrator to trigger the backend to access the local filesystem via a file:// URL. This can lead to Local Fi...

5.5CVSS5.8AI score0.00329EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/22 9:24 p.m.27 views

CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS0.00329EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/09 6:51 p.m.36 views

CVE-2026-3638

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...

0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/02/27 12:55 a.m.17 views

CVE-2026-25721

CVE-2026-25721 affects XWEB Pro ≤ 1.12.1. An authenticated user can exploit OS command injection via the restore action in API V1 by injecting input into the server username and/or password fields, enabling remote code execution. Red Hat and ENISA references corroborate the weakness. Remediation ...

8.8CVSS6.3AI score0.01897EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder