October/system

This hub aggregates every CVE we track for October/system, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting October/system.

• CVE-2025-61674October CMS Vulnerable to Stored XSS via Editor and Branding Styles6.1Jan 10, 2026
• CVE-2025-61676October CMS Vulnerable to Stored XSS via Branding Styles6.1Jan 10, 2026
• CVE-2024-51991October CMS Allows Unprotected SVG Rename in Media Manager4.9May 5, 2025
• CVE-2024-25637Reflected XSS via X-October-Request-Handler Header3.1Jun 26, 2024
• CVE-2024-24764October Open Redirect for Administrator Accounts3.5Jun 26, 2024
• CVE-2023-44381October CMS safe mode bypass using Page template injection4.9Dec 1, 2023
• CVE-2023-44382October CMS safe mode bypass using Twig sandbox escape9.1Dec 1, 2023
• CVE-2023-44383October CMS stored XSS by authenticated backend user with improper configuration5.4Nov 29, 2023
• CVE-2022-35944October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)6.2Oct 13, 2022
• CVE-2022-24800Race Condition in October CMS upload process8.1Jul 12, 2022
• CVE-2022-23655Missing server signature validation in OctoberCMS4.8Feb 23, 2022
• CVE-2022-21705Authenticated remote code execution in octobercms7.2Feb 23, 2022
• CVE-2021-32649Authenticated file write leads to remote code execution in october/system8.8Jan 14, 2022
• CVE-2021-32650Arbitrary code execution in october/system8.8Jan 14, 2022
• CVE-2021-41126Deleted Admin Can Sign In to Admin Interface7.2Oct 6, 2021