CVE-2026-25125 October CMS: Environment Variable Exfiltration via INI Parser Interpolation

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's parseinistring function supports $ syntax for environment variable interpolation, attackers with...

PT-2026-5723

Name of the Vulnerable Software and Affected Versions OpenList Frontend versions prior to 4.1.10 Description The OpenList Frontend application contains a path traversal flaw in multiple file operation handlers within the server/handles/fsmanage.go file. The application directly concatenates...