CVE-2026-47351 TYPO3 CMS - Broken Access Control in Clipboard

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...

CVE-2020-4879

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847...

PT-2020-12524 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 10.4.0 through 10.4.1 Description: The issue allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts using time-based attacks with the password reset functionality for backend...

TYPO3 Password Reset Component Information Disclosure Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. An information disclosure vulnerability exists in the TYPO3 Password Reset component versions 10.4.0 through 10.4.1. The vulnerability stems from a configuration or other error in the...

PT-2019-16952 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.2.0 through 10.4.0 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system. Recommendations: For versions 10.2.0 through 10.4.0, consider restricting...

Cybozu Office Email Header Injection Vulnerability

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. An email header injection vulnerability exists in Cybozu Office versions 9.0.0 through 10.4.0. The vulnerability can be exploited to change email headers by tricking the user into sending a specially crafted request...

Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-08632)

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A cross-site scripting vulnerability exists in Cybozu Office versions 9.0.0 through 10.4.0. The vulnerability can be exploited to execute arbitrary script in the web browser of a logged-in user...

Cybozu Office Denial of Service Vulnerability (CNVD-2016-08626)

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A denial of service vulnerability exists in Cybozu Office versions 9.0.0 through 10.4.0. An attacker can exploit this vulnerability to cause a denial of service exhaustion of system resources...