October/october
This hub aggregates every CVE we track for October/october, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
1
Critical
4
High
0
In CISA KEV
Severity distribution
MEDIUM5HIGH4CRITICAL1
Monthly trend
0
0
0
1
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 10 most recently published vulnerabilities affecting October/october.
- CVE-2024-51991October CMS Allows Unprotected SVG Rename in Media Manager4.9
- CVE-2024-45962October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cro...4.7
- CVE-2023-25365Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp37.8
- CVE-2023-37692An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.5.4
- CVE-2021-41126Deleted Admin Can Sign In to Admin Interface7.2
- CVE-2018-1999009October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information ...8.1
- CVE-2017-1000193October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.6.1
- CVE-2017-1000194October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.9.8
- CVE-2017-16244Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's ...8.8
- CVE-2015-5612Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.4.3
Product normalization is registry-driven with AI assist and human review. How it works