EUVD-2026-35399

TYPO3 CMS has Broken Access Control in Backend API...

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

CVE-2026-47351 TYPO3 CMS - Broken Access Control in Clipboard

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...

PT-2026-47748

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users with write access to the form definition database table can directly create, update, or delete form definition records using the DataHandler. This process bypasses the Form...

PT-2026-47744

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 10.4.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users can insert arbitrary records and files into the clipboard without proper read permission checks. This allows unauthorized users to...

PT-2026-47749

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file download permissions can download files...

PT-2026-47743

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users can move records to a different page even if they lack the necessary edit permissions on the source page. Recommendations Update TYPO3...

PT-2026-47737

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users with access to...

CVE-2026-22692

October is a Content Management System CMS and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature CMSSAFEMODE. Certain methods on the collect helper were not properly restricted, allowing...

Directory Traversal

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to Directory Traversal due to the file indexer failing to normalize the configured directory path. A backend user with permission to edit indexer...

CVE-2026-39250

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path

Summary The MCP router extproc exposes an initialize-method code path that, when a request carries an mcp-init-host header, bypasses the gateway JWT session validator and rewrites the upstream :authority header to whatever the caller chooses, gated only by a single shared header value router-key...

CVE-2026-39250

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

InnoShop 安全漏洞

InnoShop is an open-source e-commerce system based on Laravel 11, developed by InnoShop. Version 0.6.0 of InnoShop has a security vulnerability. This vulnerability stems from improper authorization; attackers can log in to the frontend and directly access the backend application interfaces, leadi...

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

CVE-2026-41658

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for...

EUVD-2026-28260

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

EUVD-2026-28156

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

Insufficient Session Expiration

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Insufficient Session Expiration in the session management process. An attacker can retain backend access after their account is deactivated by maintaining an active sessio...

CI4MS has a Deactivated User Session Bypass (active=0)

Summary The auth filter has the deactivated/banned user check commented out. Details CodeIgniter Shield's loggedIn re-checks the status field catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user active=0 after they have already...