Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Associated Vulnerability
Clear Filters
Found 41 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations octobercmsoctober Low 3.3 2026-04-21 16:19:52 Deep Dive
CVE-2026-27937 October: Reflected XSS via DataTable Form Widget octobercmsoctober Low 3.1 2026-04-21 16:17:07 Deep Dive
CVE-2026-26274 October: Safe Mode Bypass via Twig Database Write Operations octobercmsoctober Medium 6.6 2026-04-21 16:16:06 Deep Dive
CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers octobercmsoctober Medium 4.9 2026-04-21 16:16:03 Deep Dive
CVE-2026-25133 October CMS has Stored XSS via SVG Filter Bypass octobercmsoctober 中危 -2026-04-14 20:47:49 Deep Dive
CVE-2026-25125 October CMS: Environment Variable Exfiltration via INI Parser Interpolation octobercmsoctober Medium 4.9 2026-04-14 20:39:59 Deep Dive
CVE-2026-24907 October CMS has Stored XSS via Event Log Mail Preview octobercmsoctober 中危 -2026-04-14 17:34:23 Deep Dive
CVE-2026-24906 October CMS has Stored XSS in its Backend Editor Markup Classes octobercmsoctober 中危 -2026-04-14 17:23:20 Deep Dive
CVE-2026-22692 October CMS: Twig Sandbox Bypass via Collection Methods octobercmsoctober Medium 4.9 2026-04-14 16:48:05 Deep Dive
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles octobercmsoctober Medium 6.1 2026-01-10 03:14:11 Deep Dive
CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles octobercmsoctober Medium 6.1 2026-01-10 03:14:01 Deep Dive
CVE-2024-51991 October CMS Allows Unprotected SVG Rename in Media Manager octobercmsoctober--2025-05-05 17:04:54 Deep Dive
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header octobercmsoctober Low 3.1 2024-06-26 15:55:36 Deep Dive
CVE-2024-24764 October Open Redirect for Administrator Accounts octobercmsoctober Low 3.5 2024-06-26 00:02:49 Deep Dive
CVE-2023-44381 October CMS safe mode bypass using Page template injection octobercmsoctober Medium 4.9 2023-12-01 21:48:44 Deep Dive
CVE-2023-44382 October CMS safe mode bypass using Twig sandbox escape octobercmsoctober Critical 9.1 2023-12-01 21:48:42 Deep Dive
CVE-2023-44383 October CMS stored XSS by authenticated backend user with improper configuration octobercmsoctober Medium 5.4 2023-11-29 19:57:38 Deep Dive
CVE-2022-35944 October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution) octobercmsoctober Medium 6.2 2022-10-13 00:00:00 Deep Dive
CVE-2022-24800 Race Condition in October CMS upload process octobercmsoctober High 8.1 2022-07-12 20:05:10 Deep Dive
CVE-2022-23655 Missing server signature validation in OctoberCMS octobercmsoctober Medium 4.8 2022-02-23 23:30:09 Deep Dive