[MEDIUM] October Rain has Stored XSS via SVG Filter Bypass

PKSA-22sk-dxft-df3d CVE-2026-25133 GHSA-gcqv-f29m-67gr

Affected version: <=3.7.13|>=4.0.0,<=4.1.9

Reported by:
GitHub

[MEDIUM] October Rain has Environment Variable Exfiltration via INI Parser Interpolation

PKSA-qst9-2ky5-dhpn CVE-2026-25125 GHSA-g6v3-wv4j-x9hg

Affected version: <=3.7.13|>=4.0.0,<=4.1.9

Reported by:
GitHub