CVE-2021-32648 | unknown | — | 1.5 | 5y ago | In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. | php
CVE-2026-29179 | unknown | — | — | 1mo ago | October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations | php
CVE-2026-27937 | unknown | — | — | 1mo ago | October CMS: Reflected XSS via DataTable Form Widget | php
CVE-2026-26067 | unknown | — | — | 1mo ago | October CMS has Safe Mode Bypass via CSS Preprocessor Compilers | php
CVE-2026-24907 | unknown | — | — | 1mo ago | October CMS has Stored XSS in Event Log Mail Preview | php
CVE-2026-24906 | unknown | — | — | 1mo ago | October CMS has Stored XSS in Backend Editor Markup Classes | php
CVE-2025-61676 | unknown | — | — | 5mo ago | October CMS Vulnerable to Stored XSS via Branding Styles | php
CVE-2025-61674 | unknown | — | — | 5mo ago | October CMS Vulnerable to Stored XSS via Editor and Branding Styles | php
CVE-2024-51991 | unknown | — | — | 1y ago | October CMS Allows Unprotected SVG Rename in Media Manager | php
CVE-2024-24764 | unknown | — | — | 2y ago | October System module has an Open Redirect for Administrator Accounts | php
CVE-2024-25637 | unknown | — | — | 2y ago | October System module has a Reflected XSS via X-October-Request-Handler Header | php
CVE-2023-44383 | unknown | — | — | 3y ago | October CMS stored XSS by authenticated backend user with improper configuration | php
CVE-2023-44382 | unknown | — | — | 3y ago | October CMS safe mode bypass using Twig sandbox escape | php
CVE-2023-44381 | unknown | — | — | 3y ago | October CMS safe mode bypass using Page template injection | php
CVE-2022-35944 | unknown | — | — | 4y ago | October CMS Safe Mode bypass leads to authenticated Remote Code Execution | php
CVE-2022-24800 | unknown | — | — | 4y ago | October CMS upload process vulnerable to RCE via Race Condition | php
CVE-2022-23655 | unknown | — | — | 4y ago | Missing server signature validation in OctoberCMS | php
CVE-2022-21705 | unknown | — | — | 4y ago | Authenticated remote code execution in October CMS | php
CVE-2021-32650 | unknown | — | — | 4y ago | october/system arbitrary code execution | php
CVE-2021-32649 | unknown | — | — | 4y ago | October/System authenticated file write leads to remote code execution | php
CVE-2021-41126 | unknown | — | — | 5y ago | Deleted Admin Can Sign In to Admin Interface | php
CVE-2021-29487 | unknown | — | — | 5y ago | October CMS auth bypass and account takeover | php