Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

66 matches found

CVE
CVEadded 8 hours ago8 views

CVE-2026-47348

CVE-2026-47348 describes a Cross-Site Scripting vulnerability in TYPO3 CMS where editors could insert HTML into page titles stored in the search index; when rendered in frontend search results via the Indexed Search plugin, the titles were not properly output-encoded. Affected: TYPO3 CMS versions...

5.1CVSS5.5AI score
Exploits0References3
Vulnrichment
Vulnrichmentadded 8 hours ago2 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS5.5AI score
Exploits0References3
Cvelist
Cvelistadded 8 hours ago7 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 19 hours ago5 views

PT-2026-47741

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS5.5AI score
Exploits0References4
Fedora
Fedoraadded 2026/05/23 3:49 p.m.7 views

[SECURITY] Fedora 43 Update: perl-Apache-Session-Browseable-1.3.19-1.fc43

A virtual Apache::Session back-end providing some class methods to manipulate all sessions and add the capability to index some fields to make re-search faster...

6.5CVSS5.8AI score0.00041EPSS
Exploits0
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2009-4308

Malware in sbrugna...

4.3CVSS6.4AI score0.00322EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2006-5054

Malware in sbrugna...

2.6CVSS6.4AI score0.00558EPSS
Exploits0References9
EUVD
EUVDadded 2025/10/07 12:30 a.m.6 views

EUVD-2013-4597

Malware in sbrugna...

4.3CVSS6.4AI score0.00285EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2015-8629

Malware in sbrugna...

5.4CVSS5.4AI score0.00187EPSS
Exploits0References8
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-2917

Malicious code in bioql PyPI...

10CVSS6.3AI score0.03387EPSS
Exploits0References10
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-0058

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00472EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2025/05/23 7:40 a.m.6 views

CVE-2024-55923

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS4.6AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 3:36 a.m.6 views

CVE-2015-8756

Cross-site scripting XSS vulnerability in the search result view in the Indexed Search indexedsearch component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS5.4AI score0.00187EPSS
Exploits0References1
Veracode
Veracodeadded 2025/01/20 3:9 a.m.14 views

Cross-Site Request Forgery (CSRF)

typo3/cms-indexed-search is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper validation of HTTP methods for state-changing actions and misconfigured security settings, allows attackers to exploit the "Indexed Search Module" to delete items by deceiving logged-in...

4.3CVSS6.9AI score0.00472EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2025/01/14 7:20 p.m.6 views

CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS4.7AI score0.00472EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/01/14 7:20 p.m.11 views

CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS0.00472EPSS
Exploits0References2
OSV
OSVadded 2025/01/14 7:20 p.m.1 views

CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS6.5AI score0.00472EPSS
Exploits0References4
CVE
CVEadded 2025/01/14 7:20 p.m.51 views

CVE-2024-55923

CVE-2024-55923 describes a CSRF flaw in the TYPO3 backend deep-link functionality within the Indexed Search Module . The vulnerability can enable an attacker to delete items in the module when a logged-in backend user is tricked into visiting a malicious URL, under misconfigurations where the bac...

4.3CVSS4.7AI score0.00472EPSS
Exploits0References2Affected Software1
Snyk
Snykadded 2025/01/14 3:40 p.m.1 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the state-changing actions and delete items by sending a crafted URL to a logged-in user. Note: This is...

5.1CVSS6.9AI score0.00472EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/01/14 12:0 a.m.1 views

PT-2025-3151 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

4.3CVSS6.8AI score0.00472EPSS
Exploits0References9
Rows per page
Query Builder