typo3
361 tracked vulnerabilities.
CVE-2026-4202
MEDIUM
Broken Access Control in extension "Redirect Tab"
Mar 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1323
HIGH
Insecure Deserialization in extension "Mailqueue" (mailqueue)
Mar 17, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0895
MEDIUM
TYPO3 Extension Mailqueue < 0.4.3 and 0.5.0 < 0.5.1 - Insecure Deserialization
Jan 20, 2026
EPSS 0.00
CVE-2026-0859
HIGH
Typo3 < 10.4.55 - Insecure Deserialization
Jan 13, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-59022
HIGH
Typo3 < 10.4.55 - Missing Authorization
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-59021
MEDIUM
Typo3 < 10.4.55 - Missing Authorization
Jan 13, 2026
CVSS 6.4
EPSS 0.00
CVE-2025-59020
MEDIUM
Typo3 < 10.4.55 - Incorrect Authorization
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-12998
HIGH
TYPO3 Extension Modules <4.3.11-5.7.4-6.4.2-7.5.5 - Auth Bypass
Nov 12, 2025
EPSS 0.00
CVE-2025-10316
LOW
TYPO3 Form to Database < 2.2.5, 3.0.0-3.2.1, 4.0.0-4.2.2, 5.0.0-5.0.1 - Cross-Site Scripting
Sep 16, 2025
EPSS 0.00
CVE-2025-59019
MEDIUM
TYPO3 CMS 11.0.0-11.5.47 12.0.0-12.4.36 13.0.0-13.4.17 - Unauthorized Information Disclosure via CSV Download Feature
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59018
MEDIUM
TYPO3 CMS 9.0.0-13.4.17 - Unauthorized Sensitive Information Exposure via Workspace Module
Sep 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59017
HIGH
TYPO3 CMS 9.0.0-13.4.17 - Missing Authorization in Backend Routing
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-59016
MEDIUM
TYPO3 CMS 9.0.0-13.4.17 - Authenticated Sensitive Information Disclosure
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59015
MEDIUM
TYPO3 CMS <13.4.17 - Info Disclosure
Sep 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59014
LOW
TYPO3 CMS 11.0.0-11.5.47 12.0.0-12.4.36 13.0.0-13.4.17 - Authenticated Denial of Service via Bookmark Toolbar
Sep 09, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-59013
MEDIUM
TYPO3 CMS Open Redirect via GeneralUtility::sanitizeLocalUrl
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-9573
HIGH
TYPO3 ns_backup <13.0.2 - Command Injection
Sep 02, 2025
EPSS 0.01
CVE-2025-7900
MEDIUM
TYPO3 femanager <6.4.1, 7.0.0-7.5.2, 8.0.0-8.3.0 - Info Disclosure
Jul 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-7899
MEDIUM
Powermail <13.0.0 - Info Disclosure
Jul 22, 2025
EPSS 0.00
CVE-2025-48207
HIGH
TYPO3 reint_downloadmanager <5.0.0 - Info Disclosure
May 21, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-48205
HIGH
TYPO3 sr_feuser_register <12.4.8 - Info Disclosure
May 21, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-48204
MEDIUM
ns_backup < 13.0.1 - OS Command Injection
May 21, 2025
CVSS 6.8
EPSS 0.01
CVE-2025-48203
MEDIUM
cs_seo 6.3.0-6.7.9, 7.0.0-7.4.9, 8.0.0-8.3.9, 9.0.0-9.2.0 - Cross-Site Scripting
May 21, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-48202
MEDIUM
TYPO3 femanager <8.2.1 - Info Disclosure
May 21, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-48201
HIGH
TYPO3 ns_backup <13.0.0 - Info Disclosure
May 21, 2025
CVSS 8.6
EPSS 0.00
Products
typo3 218
cms 116
cms-core 98
cms-backend 24
TYPO3 CMS 14
cms-form 7
cms-install 6
html-sanitizer 6
cms-frontend 4
dam_frontend_extension 4
html_sanitizer 4
wec_discussion_forum 4
Extension "Faceted Search" 3
cms-recycler 3
pdf_generator_2_extension 3
Extension "Mailqueue" 2
HTML Sanitizer 2
address_directory 2
air_filemanager 2
beuserswitch 2
cms-beuser 2
cms-dashboard 2
cms-indexed-search 2
cms-workspaces 2
commerce_extension 2
eluna_page_comments_extension 2
ns backup extension 2
phar-stream-wrapper 2
pharstreamwrapper 2
sql_frontend_extension 2
Quick Filters