Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / typo3

typo3

346 tracked vulnerabilities.

CVE-2026-8827 HIGH

SQL Injection in extension "Address List" (tt_address)

CVE-2026-8727 HIGH

Remote Code Execution in extension "Site Crawler" (crawler)

CVE-2026-8726 HIGH

SQL Injection in extension "News system" (news)

CVE-2026-46725 CRITICAL

Remote Code Execution in extension "Content Element Selector" (ceselector)

CVE-2026-46724 MEDIUM

Path Traversal in extension "Faceted Search" (ke_search)

CVE-2026-46723 MEDIUM

Information Disclosure in extension "Faceted Search" (ke_search)

CVE-2026-46722 MEDIUM

XML External Entity Injection in extension "Faceted Search" (ke_search)

CVE-2026-46721 MEDIUM

Broken Access Control in extension "Frontend User Registration" (sf_register)

CVE-2026-6553 HIGH

TYPO3 CMS Stores Cleartext Password in User Settings Module

CVE-2026-4208 HIGH

Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)

CVE-2026-4202 MEDIUM

Broken Access Control in extension "Redirect Tab"

CVE-2026-1323 HIGH

Insecure Deserialization in extension "Mailqueue" (mailqueue)

CVE-2026-0895 MEDIUM

TYPO3 Extension Mailqueue < 0.4.3 and 0.5.0 < 0.5.1 - Insecure Deserialization

CVE-2026-0859 HIGH

Typo3 < 10.4.55 - Insecure Deserialization

CVE-2025-59022 HIGH

Typo3 < 10.4.55 - Missing Authorization

CVE-2025-59021 MEDIUM

Typo3 < 10.4.55 - Missing Authorization

CVE-2025-59020 MEDIUM

Typo3 < 10.4.55 - Incorrect Authorization

CVE-2025-12998 HIGH

TYPO3 Extension Modules <4.3.11-5.7.4-6.4.2-7.5.5 - Auth Bypass

CVE-2025-10316 LOW

TYPO3 Form to Database < 2.2.5, 3.0.0-3.2.1, 4.0.0-4.2.2, 5.0.0-5.0.1 - Cross-Site Scripting

CVE-2025-59019 MEDIUM

TYPO3 CMS 11.0.0-11.5.47 12.0.0-12.4.36 13.0.0-13.4.17 - Unauthorized Information Disclosure via CSV Download Feature

CVE-2025-59018 MEDIUM

TYPO3 CMS 9.0.0-13.4.17 - Unauthorized Sensitive Information Exposure via Workspace Module

CVE-2025-59017 HIGH

TYPO3 CMS 9.0.0-13.4.17 - Missing Authorization in Backend Routing

CVE-2025-59016 MEDIUM

TYPO3 CMS 9.0.0-13.4.17 - Authenticated Sensitive Information Disclosure

CVE-2025-59015 MEDIUM

TYPO3 CMS <13.4.17 - Info Disclosure

CVE-2025-59014 LOW

TYPO3 CMS 11.0.0-11.5.47 12.0.0-12.4.36 13.0.0-13.4.17 - Authenticated Denial of Service via Bookmark Toolbar

Page 1 of 14 Next

Products

typo3 218 cms 116 cms-core 85 cms-backend 22 cms-install 6 cms-form 4 cms-frontend 4 dam_frontend_extension 4 html-sanitizer 4 html_sanitizer 4 wec_discussion_forum 4 Extension "Faceted Search" 3 pdf_generator_2_extension 3 Extension "Mailqueue" 2 address_directory 2 air_filemanager 2 beuserswitch 2 cms-beuser 2 cms-dashboard 2 cms-recycler 2 cms-workspaces 2 commerce_extension 2 eluna_page_comments_extension 2 ns backup extension 2 phar-stream-wrapper 2 pharstreamwrapper 2 sql_frontend_extension 2 sr feuser register extension 2 sr_feuser_register_extension 2 terminal 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy