EUVD-2021-23369

Malware in sbrugna...

CVE-2021-36791

The datednews aka Dated News extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data...

Multiple vulnerabilities in Extension "Dated News" (dated_news)

The extension fails to properly encode user input for output in HTML context CVE-2021-36790 and contains a blind SQL injection vulnerability CVE-2021-36789. It is also possible to confirm various applications CVE-2021-36792 and thereby obtain all application registration data CVE-2021-36791...