
12 matches found

OSV
added 2026/06/12 8:7 p.m. · 8 views

GHSA-3V8V-4WG6-R7QH TYPO3 CMS: Destructive Actions on File Mount Folders

Problem: Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. Solution: Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...

CVSS 7.2 · AI score 5.3 · EPSS 0.00238
Exploits: 0 · References: 7
EUVD
added 2026/06/12 7:8 p.m. · 11 views

EUVD-2026-35399

TYPO3 CMS has Broken Access Control in Backend API...

CVSS 5.3 · AI score 5.2 · EPSS 0.00238
Exploits: 0 · References: 6
Vulnrichment
added 2026/06/09 10:53 a.m. · 8 views

CVE-2026-47352 TYPO3 CMS - Broken Access Control in Backend API

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

CVSS 5.3 · AI score 5.5 · EPSS 0.00238
Exploits: 0 · References: 3
Positive Technologies
added 2026/06/09 12:0 a.m. · 11 views

PT-2026-47745

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions prior to 10.4.57; TYPO3 CMS versions 11.0.0 through 11.5.51; TYPO3 CMS versions 12.0.0 through 12.4.46; TYPO3 CMS versions 13.0.0 through 13.4.31; TYPO3 CMS versions 14.0.0 through 14.3.3. Description: Authenticated backend users...

CVSS 5.3 · AI score 5.2 · EPSS 0.00238
Exploits: 0 · References: 9
Tenable Nessus
added 2025/10/28 12:0 a.m. · 6 views

Oracle Linux 10 : kernel (ELSA-2025-19106)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19106 advisory. - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CKI Backport Bot, RHEL-114853, CVE-2025-39751) - erofs: fix blksize PAGE_SIZE for file-backed...

CVSS 7.8 · AI score 7.3 · EPSS 0.00181
Exploits: 0 · References: 6
OSV
added 2024/12/27 1:50 p.m. · 7 views

CVE-2024-53235 erofs: fix file-backed mounts over FUSE

In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE. syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:382...

CVSS 5.5 · AI score 5.6 · EPSS 0.0017
Exploits: 0 · References: 5
OSV
added 2024/05/30 9:2 p.m. · 8 views

GHSA-4R76-XR68-W7M7 TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts

It has been discovered that editors with access to the file metadata table could change, create or delete metadata of files which are not within their file mounts...

CVSS 8.8 · AI score 7.1
Exploits: 0 · References: 6
Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-40079 · Osv · Osv

Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: A security issue has been found where editors with access to the file meta data table can modify, create, or delete metadata of files outside their designated file mounts. Recommendations: At t...

CVSS 8.8 · AI score 7
Exploits: 0 · References: 7
OSV
added 2022/05/17 2:42 a.m. · 15 views

GHSA-4R6G-XHX7-FM36 Contao Core directory traversal vulnerability

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors...

CVSS 4.3 · AI score 4.2 · EPSS 0.01419
Exploits: 0 · References: 7
Github Security Blog
added 2022/05/17 2:42 a.m. · 20 views

Contao Core directory traversal vulnerability

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors...

CVSS 4.3 · AI score 6.5 · EPSS 0.01419
Exploits: 0 · References: 7 · Affected Software: 1
Prion
added 2017/05/26 5:29 p.m. · 11 views

Directory traversal

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors...

CVSS 4 · AI score 6.6 · EPSS 0.01419
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2017/05/26 5:0 p.m. · 39 views

CVE-2015-0269

Contao CVE-2015-0269 is a directory traversal vulnerability in Contao CMS where remote authenticated backend users could view files outside their allowed mounts. Affected versions include Contao 3.* up to 3.4.3 and 3.2.x prior to 3.2.19; the issue arises in the back end and allows access to files...

CVSS 4.3 · AI score 4.2 · EPSS 0.01419
Exploits: 0 · References: 3 · Affected Software: 1