41 matches found

RedhatCVE
added 2026/01/09 9:1 a.m. · 3 views

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

CVSS 8.6 · AI score 7.1 · EPSS 0.00548
Exploits 0 · References 1

RedhatCVE
added 2026/01/07 9:30 a.m. · 2 views

CVE-2019-16698

The directmail aka Direct Mail extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user with restricted permissions to the feusers table to view and export data of frontend users who are subscribed to a newsletter...

CVSS 4.3 · AI score 6.8 · EPSS 0.00114
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-1741

Malware in sbrugna...

CVSS 7.4 · AI score 7.3 · EPSS 0.00503
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-4636

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00354
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-4262

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.8 · EPSS 0.00114
Exploits 0 · References 6

RedhatCVE
added 2025/09/24 6:31 p.m. · 2 views

CVE-2025-58235

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS. This issue affects Front End Users: from n/a through = 3.2.35...

CVSS 6.5 · AI score 5.9 · EPSS 0.00032
Exploits 0 · References 1

CVE
added 2025/09/22 6:23 p.m. · 6 views

CVE-2025-58235

CVE-2025-58235 affects the WordPress plugin Front End Users (front-end-only-users). The connected Wordfence entry specifies an Authenticated (Contributor+) Stored XSS vulnerability in Front End Users

CVSS 6.5 · AI score 5.9 · EPSS 0.00032
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:20 p.m. · 2 views

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

CVSS 5.3 · AI score 6.8 · EPSS 0.00228
Exploits 0 · References 1

Veracode
added 2024/06/21 9:39 a.m. · 11 views

Authentication Bypass

typo3/cms is vulnerable to Authentication Bypass. The vulnerability is due to late TCA initialization, which fails to restrict frontend users according to the validation rules, allowing attackers to authenticate as restricted (e.g., disabled) frontend users...

AI score 7.1
Exploits 0

Positive Technologies
added 2024/04/02 12:0 a.m. · 3 views

PT-2024-23225 · Typo3 · Openid Connect Authentication Extension For Typo3

Name of the Vulnerable Software and Affected Versions: OpenID Connect Authentication extension for TYPO3 (affected versions not specified). Description: The issue concerns a security bypass in the authentication service of the OpenID Connect Authentication extension for TYPO3. The authentication...

AI score 7.3
Exploits 0 · References 5

Veracode
added 2023/12/14 6:3 a.m. · 11 views

Broken Access Control

in2code/femanager is vulnerable to Broken Access Control. The vulnerability is due to the improper implementation of access control in the check edit user component. This issue can be exploited by an attacker as an authenticated user to either edit data of various frontend users or to delete...

AI score 6.6
Exploits 0

OSV
added 2023/12/12 5:15 p.m. · 13 views

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

CVSS 5.3 · AI score 6.8
Exploits 0 · References 2

ATTACKERKB
added 2023/12/12 5:15 p.m. · 0 views

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

CVSS 5.3 · AI score 6.1 · EPSS 0.00228
Exploits 0 · References 3

Prion
added 2023/12/12 5:15 p.m. · 15 views

Design/Logic Flaw

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

CVSS 5 · AI score 7.1 · EPSS 0.00228
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/07/17 12:0 a.m. · 1 views

WordPress Plugin Front End Users Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 8.8 · AI score 7.8 · EPSS 0.00111
Exploits 0 · References 2

Github Security Blog
added 2023/02/02 3:30 a.m. · 11 views

Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user with a valid invitation link to set the password of all frontend users...

CVSS 8.6 · AI score 7.5 · EPSS 0.00548
Exploits 0 · References 4 · Affected Software 1

Github Security Blog
added 2023/02/02 3:30 a.m. · 22 views

Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users...

CVSS 8.6 · AI score 7.4 · EPSS 0.00548
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/02/02 3:30 a.m. · 13 views

GHSA-3P9X-XXX6-2W4P Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users...

CVSS 8.6 · AI score 7.9 · EPSS 0.00548
Exploits 0 · References 3

NVD
added 2023/02/02 1:15 a.m. · 14 views

CVE-2023-25014

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...

CVSS 8.6 · AI score 8.7 · EPSS 0.00548
Exploits 0 · References 2

OSV
added 2023/02/02 1:15 a.m. · 11 views

CVE-2023-25013

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...

CVSS 7.5 · AI score 7.7
Exploits 0 · References 2