Every CVE whose affected-product data names Squidex.io Squidex, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-46253 — CVSS 9.1 (critical): Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability…
CVE-2026-24736 — CVSS 9.1 (critical): Squidex is an open source headless content management system and content management hub. Versions of the application up to and including…
CVE-2023-46252 — CVSS 6.8 (medium): Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage…
CVE-2023-24278 — CVSS 6.1 (medium): Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.
CVE-2023-0643 — CVSS 6.1 (medium): Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
CVE-2023-46744 — CVSS 5.4 (medium): Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability…
CVE-2023-46857 — CVSS 5.4 (medium): Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in…
CVE-2023-3580 — CVSS 4.3 (medium): Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.