typo3

361 tracked vulnerabilities.

CVE-2026-49742 HIGH
TYPO3 CMS - Broken Access Control in Media Module
Jun 09, 2026
EPSS 0.00
CVE-2026-49741 HIGH
TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework
Jun 09, 2026
EPSS 0.00
CVE-2026-49740 MEDIUM
TYPO3 CMS - Insecure Deserialization in Core API
Jun 09, 2026
EPSS 0.00
CVE-2026-49738 LOW
TYPO3 CMS - Broken Access Control in File Abstraction Layer
Jun 09, 2026
EPSS 0.00
CVE-2026-47352 MEDIUM
TYPO3 CMS - Broken Access Control in Backend API
Jun 09, 2026
EPSS 0.00
CVE-2026-47351 MEDIUM
TYPO3 CMS - Broken Access Control in Clipboard
Jun 09, 2026
EPSS 0.00
CVE-2026-47350 MEDIUM
TYPO3 CMS - Broken Access Control in DataHandler
Jun 09, 2026
EPSS 0.00
CVE-2026-47349 MEDIUM
TYPO3 CMS - Broken Access Control in Recycler
Jun 09, 2026
EPSS 0.00
CVE-2026-47348 MEDIUM
TYPO3 CMS - Cross-Site Scripting in Indexed Search
Jun 09, 2026
EPSS 0.00
CVE-2026-47347 MEDIUM
TYPO3 CMS - Open Redirect in Core Utilities
Jun 09, 2026
EPSS 0.00
CVE-2026-47346 HIGH
TYPO3 CMS - Broken Access Control in Form Framework
Jun 09, 2026
EPSS 0.00
CVE-2026-47343 HIGH
TYPO3 CMS - Destructive Actions on File Mount Folders
Jun 09, 2026
EPSS 0.00
CVE-2026-11607 HIGH
TYPO3 CMS - Broken Access Control in Form Framework
Jun 09, 2026
EPSS 0.00
CVE-2026-47345 MEDIUM
TYPO3 HTML Sanitizer allows Cross-Site Scripting
Jun 08, 2026
EPSS 0.00
CVE-2026-47344 LOW
TYPO3 HTML Sanitizer allows Cross-Site Scripting
Jun 08, 2026
EPSS 0.00
CVE-2026-8827 HIGH
SQL Injection in extension "Address List" (tt_address)
May 19, 2026
EPSS 0.00
CVE-2026-8727 HIGH
Remote Code Execution in extension "Site Crawler" (crawler)
May 19, 2026
EPSS 0.00
CVE-2026-8726 HIGH
SQL Injection in extension "News system" (news)
May 19, 2026
EPSS 0.00
CVE-2026-46725 CRITICAL NUCLEI
Remote Code Execution in extension "Content Element Selector" (ceselector)
May 19, 2026
EPSS 0.02
CVE-2026-46724 MEDIUM
Path Traversal in extension "Faceted Search" (ke_search)
May 19, 2026
EPSS 0.00
CVE-2026-46723 MEDIUM
Information Disclosure in extension "Faceted Search" (ke_search)
May 19, 2026
EPSS 0.00
CVE-2026-46722 MEDIUM
XML External Entity Injection in extension "Faceted Search" (ke_search)
May 19, 2026
EPSS 0.00
CVE-2026-46721 MEDIUM
Broken Access Control in extension "Frontend User Registration" (sf_register)
May 19, 2026
EPSS 0.00
CVE-2026-6553 HIGH
TYPO3 CMS Stores Cleartext Password in User Settings Module
Apr 21, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4208 HIGH
Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)
Mar 17, 2026
CVSS 8.8
EPSS 0.00