CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

145 matches found

Github Security Blog•added 2 days ago•7 views

TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities

Problem Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attack...

5.3CVSS5.2AI score0.00039EPSS

Exploits0References7Affected Software1

OSV•added 2 days ago•3 views

GHSA-CHM7-4VCH-H8VR TYPO3 CMS has Broken Access Control in its Media Module

Problem Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files...

7.1CVSS5.2AI score0.00036EPSS

Exploits0References7

Friends Of PHP•added 2026/05/18 2:30 p.m.•6 views

TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

5.9CVSS5.8AI score0.00056EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/09 11:52 a.m.•6 views

CVE-2009-4158

SQL injection vulnerability in the Calendar Base cal extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.00397EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:46 a.m.•3 views

CVE-2010-0330

SQL injection vulnerability in the Googlemaps for ttnews jfeasymaps extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.00366EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:14 a.m.•3 views

CVE-2022-23501

TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders partitions, can be bypassed. A...

6.5CVSS6.5AI score0.00198EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:33 a.m.•5 views

CVE-2019-16682

The urlredirect aka URL redirect extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection...

7.5CVSS7.5AI score0.00192EPSS

Exploits0References1