25 matches found
CVE-2026-11607
creationtimestamp| type| source ---|---|--- 2026-06-10 03:07:26+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms 2026-06-10 13:15:34+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n 2026-06-15 14:11:12+00:00| seen|...
CVE-2026-47352
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...
CVE-2026-47343 TYPO3 CMS - Destructive Actions on File Mount Folders
Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...
TYPO3 CMS 输入验证错误漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a vulnerability in input validation of TYPO3 CMS, which stems from the GeneralUtility::sanitizeLocalUrl function. This function allows URLs to be used for redirection even after cleaning, potentiall...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Security vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed fr...
PT-2026-47749
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file download permissions can download files...
EUVD-2026-2089
Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS that originates from a back-end user with access to the redirection module being able to read, create, and modify any redirection record without restriction, which could result in the...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS , the vulnerability stems from a mail file staging deserialization flaw , which could lead to arbitrary PHP code execution . The following versions are affected: version 10.0.0 to 10.4.54...
Information Disclosure
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages in the File Abstraction Layer, which exposes full file paths during failed file-system operations, allowing an attacker to disclose sensitive system information...
CVE-2025-59019
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...
CVE-2025-59015
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly...
CVE-2025-59013
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL...
CVE-2025-59016 Information Disclosure via File Abstraction Layer
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...
CVE-2025-59014 Denial of Service in TYPO3 Bookmark Toolbar
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...
CVE-2022-31049
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions...
CVE-2024-55891
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from a cross-site request forgery vulnerability in the back-end user interface deep linking functionality, which allows an attacker to...
The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to remove arbitrary users.
The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController function. Exploiting this vulnerability could allow a malicious actor to delete arbitrary users remotely...
CVE-2022-33155
The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...