Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

squidex — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting squidex. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Squidex is a headless CMS and content management platform designed for developers to manage and deliver content across multiple channels. Historically, it has been susceptible to various vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with 11 CVEs documented to date. Notable security characteristics include its API-first architecture, which requires careful input validation and authentication controls. While no major public security incidents have been widely reported, the consistent presence of CVEs highlights the importance of regular updates and security hardening for implementations handling sensitive content.

Top products by squidex: squidex squidex/squidex
CVE IDTitleCVSSSeverityPublished
CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction — squidexCWE-73 5.5 Medium2026-04-22
CVE-2026-41172 Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets) — squidexCWE-918 4.3AIMediumAI2026-04-22
CVE-2026-41171 SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient — squidexCWE-918 8.1AIHighAI2026-04-22
CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests — squidexCWE-918 6.8AIMediumAI2026-04-22
CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration — squidexCWE-918 9.1 Critical2026-01-27
CVE-2023-46252 Cross-Site Scripting (XSS) via postMessage Handler in Squidex — squidexCWE-79 6.8 Medium2023-11-07
CVE-2023-46253 Remote code execution in Squidex — squidexCWE-22 9.1 Critical2023-11-07
CVE-2023-46744 Stored Cross-site Scripting in Squidex — squidexCWE-79 5.4 Medium2023-11-07
CVE-2023-3580 Improper Handling of Additional Special Element in squidex/squidex — squidex/squidexCWE-167 6.1 -2023-07-10
CVE-2023-0642 Cross-Site Request Forgery (CSRF) in squidex/squidex — squidex/squidexCWE-352 6.5 -2023-02-02
CVE-2023-0643 Improper Handling of Additional Special Element in squidex/squidex — squidex/squidexCWE-167 6.8 -2023-02-02

This page lists every published CVE security advisory associated with squidex. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.