octobercms — Vulnerabilities & Security Advisories 39

Browse all 39 CVE security advisories affecting octobercms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products: octobercms:october
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29179 | October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations | october | CWE-863 | 3.3 | Low | 2026-04-21 |
| CVE-2026-27937 | October: Reflected XSS via DataTable Form Widget | october | CWE-79 | 3.1 | Low | 2026-04-21 |
| CVE-2026-26274 | October: Safe Mode Bypass via Twig Database Write Operations | october | CWE-184 | 6.6 | Medium | 2026-04-21 |
| CVE-2026-26067 | October: Safe Mode Bypass via CSS Preprocessor Compilers | october | CWE-863 | 4.9 | Medium | 2026-04-21 |
| CVE-2026-25133 | October CMS has Stored XSS via SVG Filter Bypass | october | CWE-79 | 7.5 | - | 2026-04-14 |
| CVE-2026-25125 | October CMS: Environment Variable Exfiltration via INI Parser Interpolation | october | CWE-200 | 4.9 | Medium | 2026-04-14 |
| CVE-2026-24907 | October CMS has Stored XSS via Event Log Mail Preview | october | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-24906 | October CMS has Stored XSS in its Backend Editor Markup Classes | october | CWE-79 | 8.2 | - | 2026-04-14 |
| CVE-2026-22692 | October CMS: Twig Sandbox Bypass via Collection Methods | october | CWE-693 | 4.9 | Medium | 2026-04-14 |
| CVE-2025-61674 | October CMS Vulnerable to Stored XSS via Editor and Branding Styles | october | CWE-79 | 6.1 | Medium | 2026-01-10 |
| CVE-2025-61676 | October CMS Vulnerable to Stored XSS via Branding Styles | october | CWE-79 | 6.1 | Medium | 2026-01-10 |
| CVE-2024-51991 | October CMS Allows Unprotected SVG Rename in Media Manager | october | CWE-434 | 4.8 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2024-25637 | Reflected XSS via X-October-Request-Handler Header | october | CWE-79 | 3.1 | Low | 2024-06-26 |
| CVE-2024-24764 | October Open Redirect for Administrator Accounts | october | CWE-601 | 3.5 | Low | 2024-06-26 |
| CVE-2023-44381 | October CMS safe mode bypass using Page template injection | october | CWE-94 | 4.9 | Medium | 2023-12-01 |
| CVE-2023-44382 | October CMS safe mode bypass using Twig sandbox escape | october | CWE-94 | 9.1 | Critical | 2023-12-01 |
| CVE-2023-44383 | October CMS stored XSS by authenticated backend user with improper configuration | october | CWE-79 | 5.4 | Medium | 2023-11-29 |
| CVE-2022-35944 | October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution) | october | CWE-94 | 6.2 | Medium | 2022-10-13 |
| CVE-2022-24800 | Race Condition in October CMS upload process | october | CWE-362 | 8.1 | High | 2022-07-12 |
| CVE-2022-23655 | Missing server signature validation in OctoberCMS | october | CWE-347 | 4.8 | Medium | 2022-02-23 |
| CVE-2022-21705 | Authenticated remote code execution in octobercms | october | CWE-74 | 7.2 | High | 2022-02-23 |
| CVE-2021-32649 | Authenticated file write leads to remote code execution in october/system | october | CWE-74 | 8.8 | High | 2022-01-14 |
| CVE-2021-32650 | Arbitrary code execution in october/system | october | CWE-74 | 8.8 | High | 2022-01-14 |
| CVE-2021-41126 | Deleted Admin Can Sign In to Admin Interface | october | CWE-287 | 7.2 | High | 2021-10-06 |
| CVE-2021-29487 | Authentication bypass in Octobercms | october | CWE-287 | 7.4 | High | 2021-08-26 |
| CVE-2021-32648 | Account Takeover in Octobercms | october | CWE-287 | 8.2 | High | 2021-08-26 |
| CVE-2021-21264 | Bypass of fix for CVE-2020-26231, Twig sandbox escape | october | CWE-862 | 5.2 | Medium | 2021-05-03 |
| CVE-2021-21265 | October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers | october | CWE-644 | 6.8 | Medium | 2021-03-10 |
| CVE-2020-26231 | Bypass of fix for CVE-2020-15247, Twig sandbox escape | october | CWE-862 | 5.2 | Medium | 2020-11-23 |
| CVE-2020-15249 | Stored XSS by authenticated backend user with access to upload files | october | CWE-79 | 2.8 | Low | 2020-11-23 |

This page lists every published CVE security advisory associated with octobercms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.