[LOW] October CMS Allows Unprotected SVG Rename in Media Manager

PKSA-1r2f-d74z-j32s CVE-2024-51991 GHSA-96hh-8hx5-cpw7

Affected version: <3.7.5

Reported by:
GitHub

[LOW] October allows an admin account to upload PDF containing malicious JavaScript

PKSA-b37x-tgms-g4z2 CVE-2024-45962 GHSA-hxpp-g76m-qhvg

Affected version: <=3.6.4

Reported by:
GitHub