Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/09/11 9:21 a.m.9 views

CVE-2025-59017

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

8.8CVSS6.8AI score0.00276EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/09 9:31 a.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to inconsistent checks in the backend routing. An attacker can gain unauthorized access to backend AJAX routes by directly invoking them without proper permissions. Note: Additional fixed versions are available...

8.8CVSS6.7AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2025/09/09 9:1 a.m.16 views

CVE-2025-59017

CVE-2025-59017 reports missing authorization checks in TYPO3 CMS backend routing: backend users can directly invoke AJAX backend routes without access to the corresponding backend modules. Affected versions are 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. The ...

8.8CVSS6.3AI score0.00276EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/09/09 9:1 a.m.6 views

CVE-2025-59017 Broken Access Control in Backend AJAX Routes

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

5.3CVSS5.9AI score0.00276EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/09 12:0 a.m.4 views

TYPO3 9.0.0 < 9.5.55 ELTS / 10.0.0 < 10.4.54 ELTS / 11.0.0 < 11.5.48 ELTS / 12.0.0 < 12.4.37 / 13.0.0 < 13.4.18 (TYPO3-CORE-SA-2025-021)

The version of TYPO3 installed on the remote host is 9.0.0 prior to 9.5.55 ELTS / 10.0.0 prior to 10.4.54 ELTS / 11.0.0 prior to 11.5.48 ELTS / 12.0.0 prior to 12.4.37 / 13.0.0 prior to 13.4.18. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-021 advisory. -...

8.8CVSS5.5AI score0.00276EPSS
Exploits0References2
0day.today
0day.today
added 2022/11/21 12:0 a.m.373 views

WordPress BeTheme 26.5.1.4 PHP Object Injection Vulnerability

ADVISORY INFORMATION ======================= Product: Betheme Vendor URL: https://muffingroup.com/betheme/ Type: Deserialization of Untrusted Data CWE-502 Date found: 2022-11-02 Date published: 2022-11-18 CVSSv3 Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2022-3861 2...

8.8CVSS0.1AI score0.01984EPSS
Exploits5
Rows per page
Query Builder