October

This hub aggregates every CVE we track for October, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting October.

• CVE-2026-29179October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations3.3Apr 21, 2026
• CVE-2026-27937October: Reflected XSS via DataTable Form Widget3.1Apr 21, 2026
• CVE-2026-26274October: Safe Mode Bypass via Twig Database Write Operations6.6Apr 21, 2026
• CVE-2026-26067October: Safe Mode Bypass via CSS Preprocessor Compilers4.9Apr 21, 2026
• CVE-2026-25133October CMS has Stored XSS via SVG Filter Bypass4.8Apr 14, 2026
• CVE-2026-25125October CMS: Environment Variable Exfiltration via INI Parser Interpolation4.9Apr 14, 2026
• CVE-2026-24907October CMS has Stored XSS via Event Log Mail Preview5.4Apr 14, 2026
• CVE-2026-24906October CMS has Stored XSS in its Backend Editor Markup Classes5.4Apr 14, 2026
• CVE-2026-22692October CMS: Twig Sandbox Bypass via Collection Methods4.9Apr 14, 2026
• CVE-2025-61674October CMS Vulnerable to Stored XSS via Editor and Branding Styles6.1Jan 10, 2026
• CVE-2025-61676October CMS Vulnerable to Stored XSS via Branding Styles6.1Jan 10, 2026
• CVE-2024-51991October CMS Allows Unprotected SVG Rename in Media Manager4.9May 5, 2025
• CVE-2024-45962October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cro...4.7Oct 2, 2024
• CVE-2024-25837A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments se...5.4Aug 16, 2024
• CVE-2024-25637Reflected XSS via X-October-Request-Handler Header3.1Jun 26, 2024