[LOW] October CMS Allows Unprotected SVG Rename in Media Manager

PKSA-q2z3-dfft-h9n9 CVE-2024-51991 GHSA-96hh-8hx5-cpw7

Affected version: <3.7.5

Reported by:
GitHub

[HIGH] October CMS upload process vulnerable to RCE via Race Condition

PKSA-yr75-7y9f-cxw9 CVE-2022-24800 GHSA-8v7h-cpc2-r8jp

Affected version: >=2.0.0,<2.2.15|>=1.1.0,<1.1.12|<1.0.476

Reported by:
GitHub