24 matches found
EUVD-2026-24081
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...
CVE-2026-6553 TYPO3 CMS Stores Cleartext Password in User Settings Module
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...
CVE-2009-4967
SQL injection vulnerability in the Car car extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2009-4968
SQL injection vulnerability in the Event Registration eventregistr extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
EUVD-2012-1114
Malware in sbrugna...
EUVD-2014-6118
Malware in sbrugna...
EUVD-2013-4535
Malware in sbrugna...
EUVD-2015-4631
Malware in sbrugna...
EUVD-2008-4638
Malware in sbrugna...
EUVD-2022-3136
Malicious code in bioql PyPI...
CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
CVE-2025-48207
The reintdownloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference...
CVE-2025-48203
The csseo extension through 9.2.0 for TYPO3 allows XSS...
CVE-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...
CVE-2010-4888
SQL injection vulnerability in the Tiny Market hmtinymarket extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.8 and earlier, which stems from the presence of an unsafe direct object reference...
Sensitive Information Disclosure
typo3/cms-core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Install Tool exposing the current TYPO3 version number to non-authenticated users...
CVE-2021-41113
CVE-2021-41113 — TYPO3 Backend CSRF: TYPO3’s v11 feature for creating/sharing deep links in the backend UI is vulnerable to cross-site request forgery. An unauthenticated attacker could exploit a logged-in victim’s session to perform actions, potentially creating an admin user account and taking...
PT-2021-3863 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.28; TYPO3 versions 10.0.0 through 10.4.17; TYPO3 versions 11.0.0 through 11.3.0. Description: The issue is related to the failure to properly encode settings for backend layouts, making the corresponding grid vie...
XML External Entity in Dashboard Widget
Problem: It has been discovered that RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At leas...