octobercms

Top products

The 15 most recently published vulnerabilities affecting octobercms.

• CVE-2026-29179October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations3.3Apr 21, 2026
• CVE-2026-27937October: Reflected XSS via DataTable Form Widget3.1Apr 21, 2026
• CVE-2026-26274October: Safe Mode Bypass via Twig Database Write Operations6.6Apr 21, 2026
• CVE-2026-26067October: Safe Mode Bypass via CSS Preprocessor Compilers4.9Apr 21, 2026
• CVE-2026-25133October CMS has Stored XSS via SVG Filter Bypass4.8Apr 14, 2026
• CVE-2026-25125October CMS: Environment Variable Exfiltration via INI Parser Interpolation4.9Apr 14, 2026
• CVE-2026-24907October CMS has Stored XSS via Event Log Mail Preview5.4Apr 14, 2026
• CVE-2026-24906October CMS has Stored XSS in its Backend Editor Markup Classes5.4Apr 14, 2026
• CVE-2026-22692October CMS: Twig Sandbox Bypass via Collection Methods4.9Apr 14, 2026
• CVE-2025-61674October CMS Vulnerable to Stored XSS via Editor and Branding Styles6.1Jan 10, 2026
• CVE-2025-61676October CMS Vulnerable to Stored XSS via Branding Styles6.1Jan 10, 2026
• CVE-2024-51991October CMS Allows Unprotected SVG Rename in Media Manager4.9May 5, 2025
• CVE-2024-45962October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cro...4.7Oct 2, 2024
• CVE-2024-25837A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments se...5.4Aug 16, 2024
• CVE-2024-25637Reflected XSS via X-October-Request-Handler Header3.1Jun 26, 2024