Known Vulnerabilities for products from Octobercms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Octobercms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-25133 json | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-sit... | Not Provided | 2026-04-14 | 2026-04-23 |
| CVE-2026-25125 json | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side info... | Not Provided | 2026-04-14 | 2026-04-22 |
| CVE-2026-24907 json | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-sit... | Not Provided | 2026-04-14 | 2026-04-21 |
| CVE-2026-24906 json | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Sit... | Not Provided | 2026-04-14 | 2026-04-21 |
| CVE-2026-22692 json | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 cont... | Not Provided | 2026-04-14 | 2026-04-21 |
| CVE-2023-44383 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2023-11-29 | 2023-12-05 |
| CVE-2023-44382 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.1 - CRITICAL | 2023-12-01 | 2023-12-06 |
| CVE-2023-44381 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.9 - MEDIUM | 2023-12-01 | 2023-12-06 |
| CVE-2023-43876 json | A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web sc... | 5.4 - MEDIUM | 2023-09-28 | 2023-09-29 |
| CVE-2023-37692 json | An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | 5.4 - MEDIUM | 2023-07-26 | 2023-08-02 |
| CVE-2022-35944 json | October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only... | 7.2 - HIGH | 2022-10-13 | 2022-10-18 |
| CVE-2022-24800 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2022-07-12 | 2022-07-20 |
| CVE-2022-23655 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-02-24 | 2022-03-07 |
| CVE-2022-21705 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-02-23 | 2023-07-24 |
| CVE-2021-41126 json | October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions ad... | 7.2 - HIGH | 2021-10-06 | 2021-10-14 |
| CVE-2021-32650 json | October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1... | 8.8 - HIGH | 2022-01-14 | 2022-08-05 |
| CVE-2021-32649 json | October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1... | 8.8 - HIGH | 2022-01-14 | 2022-08-05 |
| CVE-2021-32648 json | octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attack... | 9.1 - CRITICAL | 2021-08-26 | 2023-07-07 |
| CVE-2021-29487 json | octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attack... | 7.4 - HIGH | 2021-08-26 | 2022-08-02 |
| CVE-2021-21265 json | October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2,... | 7.5 - HIGH | 2021-03-10 | 2021-03-18 |
Known software with vulnerabilities from Octobercms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Octobercms | Debugbar | 1.0.1 |
| Application | Octobercms | October | - |
| Application | Octobercms | Octobercms | - |
| Application | Octobercms | October Cms | 1.0.100 |