typo3
361 tracked vulnerabilities.
CVE-2026-49742
HIGH
TYPO3 CMS - Broken Access Control in Media Module
Jun 09, 2026
EPSS 0.00
CVE-2026-49741
HIGH
TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework
Jun 09, 2026
EPSS 0.00
CVE-2026-49740
MEDIUM
TYPO3 CMS - Insecure Deserialization in Core API
Jun 09, 2026
EPSS 0.00
CVE-2026-49738
LOW
TYPO3 CMS - Broken Access Control in File Abstraction Layer
Jun 09, 2026
EPSS 0.00
CVE-2026-47352
MEDIUM
TYPO3 CMS - Broken Access Control in Backend API
Jun 09, 2026
EPSS 0.00
CVE-2026-47351
MEDIUM
TYPO3 CMS - Broken Access Control in Clipboard
Jun 09, 2026
EPSS 0.00
CVE-2026-47350
MEDIUM
TYPO3 CMS - Broken Access Control in DataHandler
Jun 09, 2026
EPSS 0.00
CVE-2026-47349
MEDIUM
TYPO3 CMS - Broken Access Control in Recycler
Jun 09, 2026
EPSS 0.00
CVE-2026-47348
MEDIUM
TYPO3 CMS - Cross-Site Scripting in Indexed Search
Jun 09, 2026
EPSS 0.00
CVE-2026-47347
MEDIUM
TYPO3 CMS - Open Redirect in Core Utilities
Jun 09, 2026
EPSS 0.00
CVE-2026-47346
HIGH
TYPO3 CMS - Broken Access Control in Form Framework
Jun 09, 2026
EPSS 0.00
CVE-2026-47343
HIGH
TYPO3 CMS - Destructive Actions on File Mount Folders
Jun 09, 2026
EPSS 0.00
CVE-2026-11607
HIGH
TYPO3 CMS - Broken Access Control in Form Framework
Jun 09, 2026
EPSS 0.00
CVE-2026-47345
MEDIUM
TYPO3 HTML Sanitizer allows Cross-Site Scripting
Jun 08, 2026
EPSS 0.00
CVE-2026-47344
LOW
TYPO3 HTML Sanitizer allows Cross-Site Scripting
Jun 08, 2026
EPSS 0.00
CVE-2026-8827
HIGH
SQL Injection in extension "Address List" (tt_address)
May 19, 2026
EPSS 0.00
CVE-2026-8727
HIGH
Remote Code Execution in extension "Site Crawler" (crawler)
May 19, 2026
EPSS 0.00
CVE-2026-8726
HIGH
SQL Injection in extension "News system" (news)
May 19, 2026
EPSS 0.00
CVE-2026-46725
CRITICAL
NUCLEI
Remote Code Execution in extension "Content Element Selector" (ceselector)
May 19, 2026
EPSS 0.02
CVE-2026-46724
MEDIUM
Path Traversal in extension "Faceted Search" (ke_search)
May 19, 2026
EPSS 0.00
CVE-2026-46723
MEDIUM
Information Disclosure in extension "Faceted Search" (ke_search)
May 19, 2026
EPSS 0.00
CVE-2026-46722
MEDIUM
XML External Entity Injection in extension "Faceted Search" (ke_search)
May 19, 2026
EPSS 0.00
CVE-2026-46721
MEDIUM
Broken Access Control in extension "Frontend User Registration" (sf_register)
May 19, 2026
EPSS 0.00
CVE-2026-6553
HIGH
TYPO3 CMS Stores Cleartext Password in User Settings Module
Apr 21, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4208
HIGH
Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)
Mar 17, 2026
CVSS 8.8
EPSS 0.00
Products
typo3 218
cms 116
cms-core 98
cms-backend 24
TYPO3 CMS 14
cms-form 7
cms-install 6
html-sanitizer 6
cms-frontend 4
dam_frontend_extension 4
html_sanitizer 4
wec_discussion_forum 4
Extension "Faceted Search" 3
cms-recycler 3
pdf_generator_2_extension 3
Extension "Mailqueue" 2
HTML Sanitizer 2
address_directory 2
air_filemanager 2
beuserswitch 2
cms-beuser 2
cms-dashboard 2
cms-indexed-search 2
cms-workspaces 2
commerce_extension 2
eluna_page_comments_extension 2
ns backup extension 2
phar-stream-wrapper 2
pharstreamwrapper 2
sql_frontend_extension 2
Quick Filters