41 matches found
CVE-2026-47349
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47349
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
EUVD-2026-35396
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-47349
CVE-2026-47349 affects TYPO3 CMS where backend users with access to the Recycler module could restore soft-deleted records on pages or tables they are not authorized to modify. Affected versions: 10.4.57 and earlier in 10.x; 11.0.0–11.5.51; 12.0.0–12.4.46; 13.0.0–13.4.31; 14.0.0–14.3.3. Root caus...
TYPO3-CORE-SA-2026-011: Broken Access Control in Recycler
More info at https://typo3.org/security/advisory/typo3-core-sa-2026-011...
PT-2026-47742
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...
CVE-2026-23648 Glory RBG-100 Recycler System Local Privilege Escalation via Insecure File Permissions
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify the...
CVE-2026-23648 Glory RBG-100 Recycler System Local Privilege Escalation via Insecure File Permissions
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify the...
CVE-2026-23648
Glory RBG-100 recycler systems running ISPK-08 are affected by overly permissive file permissions in multiple system binaries, where binaries executed by root are writable and executable by unprivileged local users. An attacker with local access could replace or modify these binaries to run arbit...
CVE-2026-23647 Glory RBG-100 Recycler System Hard-coded OS Credentials
Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded...
PT-2026-20311
Name of the Vulnerable Software and Affected Versions Glory RBG-100 recycler systems using the ISPK-08 software component affected versions not specified Description The Glory RBG-100 recycler systems, utilizing the ISPK-08 software component, are susceptible to unauthorized access due to...
GLORY RBG-100 安全漏洞
GLORY RBG-100 is a cash recycling machine from the British company GLORY. There is a security vulnerability in GLORY RBG-100; this vulnerability stems from the ISPK-08 software component containing hard-coded operating system credentials, which may allow unauthorized remote access and complete...
PT-2026-20312
Name of the Vulnerable Software and Affected Versions Glory RBG-100 recycler systems versions using the ISPK-08 software component affected versions not specified Description The Glory RBG-100 recycler systems, utilizing the ISPK-08 software component, have system binaries with excessively open...
GLORY RBG-100 安全漏洞
GLORY RBG-100 is a cash recycling machine from the British company GLORY. The Glory RBG-100 recycling system has a security vulnerability. This vulnerability stems from the ISPK-08 software component, which contains system binary files with excessive permissions, potentially leading to local...
Vulnerabilities fixed in TYPO3 CMS
TYPO3 has fixed vulnerabilities in TYPO3 CMS Specific to certain versions. The vulnerabilities in TYPO3 CMS allow attackers to bypass field-level access controls, insert unauthorized data into restricted database fields, and manipulate redirect records without any restrictions. In addition,...
CVE-2025-59022
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...
TYPO3 CMS Allows Broken Access Control in Recycler Module
Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the websit...
GHSA-P52W-7RHW-9M67 TYPO3 CMS Allows Broken Access Control in Recycler Module
Problem Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the websit...