25 matches found
CVE-2026-22692
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect helper were not properly restricted, allowing...
EUVD-2026-22357
October Rain has a Twig Sandbox Bypass via Collection Methods...
PT-2026-32697
Name of the Vulnerable Software and Affected Versions: October versions prior to 3.7.13; October versions 4.0.0 through 4.1.4. Description: A sandbox bypass exists in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect helper were not properly restricted, allowing...
October Security Vulnerability
October is an open-source content management system (CMS) and online platform developed by October. Versions prior to October 3.7.13, as well as those before 4.1.4, contained security vulnerabilities. These vulnerabilities stemmed from a sandbox bypass in the Twig security mode function, which coul...
CVE-2025-61676
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
CVE-2025-61674
CVE-2025-61674 concerns October CMS. An XSS vulnerability exists in backend configuration forms where a user with Global Editor Settings can inject HTML/JS into the Markup Styles stylesheet input. A crafted input can escape the context, enabling arbitrary script execution on backend pages for al...
CVE-2025-61674 October CMS Vulnerable to Stored XSS via Editor and Branding Styles
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...
CVE-2025-61676
CVE-2025-61676 affects October CMS prior to 3.7.13 and 4.0.12, where a stored XSS in the backend configuration form (Branding & Appearance → Styles) could be injected by users with Customize Backend Styles permission. A crafted input in the stylesheet field could break out of the context, enabli...
CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the...
PT-2026-1833
Name of the Vulnerable Software and Affected Versions: October versions prior to 3.7.13; October versions prior to 4.0.12. Description: October is a Content Management System (CMS) and web platform. A cross-site scripting (XSS) issue exists in October CMS backend configuration forms. A user possessing th...
PT-2024-9365 · Splunk · Splunk Secure Gateway App +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2; Splunk Enterprise versions prior to 9.2.4; Splunk Enterprise versions prior to 9.1.7; Splunk Secure Gateway app versions prior to 3.4.261; Splunk Secure Gateway app versions prior to 3.7.13. Description:...
WordPress plugin Language Switcher Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-4393
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below allow an attacker to perform more advanced phishing attacks against an organization...
Design/Logic Flaw
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below allow an attacker to perform more advanced phishing attacks against an organization...
PT-2023-29043 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions 3.7.13 and below. Description: The issue allows an attacker to perform more advanced phishing attacks against an organization through HTML and SMTP injections on the registration page. Recommendations: For versions 3.7.13...
CVE-2020-10735 affecting package python3 3.7.13-6
CVE-2020-10735 affecting package python3 3.7.13-6. An upgraded version of the package is available that resolves this issue...
WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection
Software: Dokan; Type: Plugin; Vulnerable versions: <= 3.7.12; Fixed in: 3.7.13; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-26525; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 3c9e33e0d441; Credits: Rafie Muhammad, Patchstack; Required privilege: Vendor...