Lucene search

4 matches found

CVE
added 2025/12/02 4:54 p.m. | 11 views

CVE-2025-13828

Mautic platform; a flaw in the composer-based update/Marketplace flow allows a non-privileged user to install and remove arbitrary composer packages despite the enable-composer-based-update flag. Root cause: improper privilege management in the Marketplace integration enabling privilege escalatio...

CVSS: 9 | AI score: 6.9 | EPSS: 0.00226
Exploits: 0 | References: 1
OSV
added 2023/11/14 8:34 p.m. | 34 views

GHSA-P2JH-95JG-2W55 Information Disclosure in typo3/cms-install tool

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C (3.5). Problem: The login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only - “classic” non-composer...

CVSS: 3.7 | AI score: 4.7 | EPSS: 0.00661
Exploits: 0 | References: 5
NVD
added 2023/11/14 8:15 p.m. | 17 views

CVE-2023-47126

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

CVSS: 5.3 | EPSS: 0.00661
Exploits: 0 | References: 3
Prion
added 2023/11/14 8:15 p.m. | 16 views

Design/Logic Flaw

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00661
Exploits: 0 | References: 3 | Affected Software: 1