17 matches found

GitHub Security Blog
added last week, 9 views

TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities

Problem: Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attack...

CVSS 5.3 | AI score 5.2 | EPSS 0.00484
Exploits 0 | References 7 | Affected Software 1
Friends Of PHP
added 2026/05/18 2:30 p.m., 7 views

TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

CVSS 5.9 | AI score 5.8 | EPSS 0.00404
Exploits 0 | Affected Software 1
Tenable Nessus
added 2025/05/20 12:0 a.m., 4 views

TYPO3 9.0.0 < 9.5.51 ELTS / 10.0.0 < 10.4.50 ELTS / 11.0.0 < 11.5.44 ELTS / 12.0.0 < 12.4.31 / 13.0.0 < 13.4.12 (TYPO3-CORE-SA-2025-013)

The version of TYPO3 installed on the remote host is 9.0.0 prior to 9.5.51 ELTS / 10.0.0 prior to 10.4.50 ELTS / 11.0.0 prior to 11.5.44 ELTS / 12.0.0 prior to 12.4.31 / 13.0.0 prior to 13.4.12. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-013 advisory. -...

CVSS 3.8 | AI score 5.6 | EPSS 0.0024
Exploits 0 | References 2
Friends Of PHP
added 2025/05/18 9:8 p.m., 24 views

TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-004...

CVSS 8.6 | AI score 7.2 | EPSS 0.00301
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/12/17 9:50 a.m., 12 views

Cross-Site Scripting in Filelist Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...

AI score 7.2
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/12/17 9:50 a.m., 8 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...

AI score 7.2
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/05/07 9:42 a.m., 23 views

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

CVSS 9.3 | AI score 7.2 | EPSS 0.03917
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/05/07 9:42 a.m., 23 views

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

CVSS 9.3 | AI score 7.2 | EPSS 0.03917
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/05/07 9:42 a.m., 11 views

Security Misconfiguration in User Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-011...

AI score 7.2
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/05/07 9:33 a.m., 17 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

CVSS 6.1 | AI score 7.2 | EPSS 0.00955
Exploits 1 | Affected Software 1
Friends Of PHP
added 2019/01/22 8:41 a.m., 14 views

Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-007...

AI score 7.2
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/01/22 8:41 a.m., 11 views

Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-007...

AI score 7.2
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/01/22 8:41 a.m., 10 views

Information Disclosure of Installed Extensions

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-001...

AI score 7.2
Exploits 0 | Affected Software 1
Friends Of PHP
added 2019/01/22 8:41 a.m., 9 views

Information Disclosure of Installed Extensions

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-001...

AI score 7.2
Exploits 0 | Affected Software 1
Friends Of PHP
added 2014/10/22 9:14 a.m., 8 views

Arbitrary Shell Execution in Swiftmailer library

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-002...

AI score 7.2
Exploits 0 | Affected Software 1
OpenVAS
added 2010/10/10 12:0 a.m., 8 views

Debian Security Advisory DSA 2098-2 (typo3-src)

The remote host is missing an update to typo3-src announced via advisory DSA 2098-2. OpenVAS Vulnerability Test $Id: deb20982.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2098-2 typo3-src Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...

AI score 0.5
Exploits 0
OSV
added 2010/08/29 12:0 a.m., 17 views

DSA-2098-1 typo3-src - several vulnerabilities

Bulletin has no description...

CVSS 9.4 | AI score 5.5 | EPSS 0.02395
Exploits 0