Lucene search
K

25 matches found

Circl
Circl
added 2026/06/10 3:7 a.m.12 views

CVE-2026-11607

creationtimestamp| type| source ---|---|--- 2026-06-10 03:07:26+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms 2026-06-10 13:15:34+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n 2026-06-15 14:11:12+00:00| seen|...

7.6CVSS4.9AI score0.00238EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 11:16 a.m.11 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3CVSS0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:49 a.m.8 views

CVE-2026-47343 TYPO3 CMS - Destructive Actions on File Mount Folders

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

7.2CVSS5.5AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

TYPO3 CMS 输入验证错误漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a vulnerability in input validation of TYPO3 CMS, which stems from the GeneralUtility::sanitizeLocalUrl function. This function allows URLs to be used for redirection even after cleaning, potentiall...

5.3CVSS5.2AI score0.00294EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.10 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Security vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed fr...

7.6CVSS6.1AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47749

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file download permissions can download files...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References10
EUVD
EUVD
added 2026/01/13 11:53 a.m.5 views

EUVD-2026-2089

Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

6.4CVSS6.5AI score0.00246EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS that originates from a back-end user with access to the redirection module being able to read, create, and modify any redirection record without restriction, which could result in the...

6.4CVSS6AI score0.00246EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS , the vulnerability stems from a mail file staging deserialization flaw , which could lead to arbitrary PHP code execution . The following versions are affected: version 10.0.0 to 10.4.54...

7.8CVSS6.3AI score0.00165EPSS
Exploits0References4
Veracode
Veracode
added 2025/10/16 7:11 a.m.9 views

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages in the File Abstraction Layer, which exposes full file paths during failed file-system operations, allowing an attacker to disclose sensitive system information...

5.3CVSS6.7AI score0.00214EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/09 9:15 a.m.6 views

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...

4.3CVSS6.6AI score
Exploits0References1
OSV
OSV
added 2025/09/09 9:15 a.m.4 views

CVE-2025-59015

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly...

6.5CVSS6.9AI score
Exploits0References1
NVD
NVD
added 2025/09/09 9:15 a.m.7 views

CVE-2025-59013

An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL...

6.1CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 9:0 a.m.3 views

CVE-2025-59016 Information Disclosure via File Abstraction Layer

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

5.3CVSS6AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 9:0 a.m.4 views

CVE-2025-59014 Denial of Service in TYPO3 Bookmark Toolbar

An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...

5.1CVSS6.4AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:51 p.m.5 views

CVE-2022-31049

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions...

5.4CVSS6.5AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2025/01/14 8:15 p.m.29 views

CVE-2024-55891

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the...

5.3CVSS0.00308EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.3 views

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from a cross-site request forgery vulnerability in the back-end user interface deep linking functionality, which allows an attacker to...

4.3CVSS6.4AI score0.00235EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.7 views

The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to remove arbitrary users.

The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController function. Exploiting this vulnerability could allow a malicious actor to delete arbitrary users remotely...

9CVSS7.2AI score0.00501EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/12 10:15 p.m.2 views

CVE-2022-33155

The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...

5.4CVSS5.8AI score0.00429EPSS
Exploits0References2
Rows per page
Query Builder