CVE-2026-26067

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

CVE-2026-42294

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

PT-2026-40272

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

October CMS has Safe Mode Bypass via Twig Database Write Operations

A vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query...

October CMS has Safe Mode Bypass via CSS Preprocessor Compilers

A server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the compiler's import functionality to read arbitrary files from the server. This worked even...

CVE-2026-26274

The CVE concerns October CMS. A flaw in the Twig sandbox policy allowed backend users with Developer permissions to perform database write operations (insert, update, delete) through the query builder when cms.safe_mode was enabled, bypassing safeguards. This affected versions prior to 3.7.14 and...

CVE-2026-26274 October: Safe Mode Bypass via Twig Database Write Operations

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

PT-2026-34003

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.14 October versions prior to 4.1.10 Description A flaw in the Twig sandbox security policy allows database write operations when cms.safe mode is enabled. Backend users with Developer permissions can use Twig...

October 安全漏洞

October is an open-source content management system CMS and network platform developed by October. Versions prior to October 3.7.14 and 4.1.10 contained security vulnerabilities. These vulnerabilities were caused by improper handling of CSS preprocessor files, which could allow backend users with...

CVE-2026-25133

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting XSS vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes such as onclick or onload could be bypassed using a...

CVE-2026-24906

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...

GHSA-G6V3-WV4J-X9HG October Rain has Environment Variable Exfiltration via INI Parser Interpolation

A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parseinistring function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APPKEY, $DBPASSWORD, or similar patterns into CMS page settings fields,...

CVE-2026-25133 October CMS has Stored XSS via SVG Filter Bypass

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting XSS vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes such as onclick or onload could be bypassed using a...

CVE-2026-25133 October CMS has Stored XSS via SVG Filter Bypass

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting XSS vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes such as onclick or onload could be bypassed using a...

CVE-2026-25133

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting XSS vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes such as onclick or onload could be bypassed using a...

EUVD-2026-22660

October CMS has Stored XSS in Event Log Mail Preview...

October CMS has Stored XSS in Event Log Mail Preview

A stored cross-site scripting XSS vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

EUVD-2026-22659

October CMS has Stored XSS in Backend Editor Markup Classes...