typo3

361 tracked vulnerabilities.

CVE-2026-4202 MEDIUM
Broken Access Control in extension "Redirect Tab"
Mar 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1323 HIGH
Insecure Deserialization in extension "Mailqueue" (mailqueue)
Mar 17, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0895 MEDIUM
TYPO3 Extension Mailqueue < 0.4.3 and 0.5.0 < 0.5.1 - Insecure Deserialization
Jan 20, 2026
EPSS 0.00
CVE-2026-0859 HIGH
Typo3 < 10.4.55 - Insecure Deserialization
Jan 13, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-59022 HIGH
Typo3 < 10.4.55 - Missing Authorization
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-59021 MEDIUM
Typo3 < 10.4.55 - Missing Authorization
Jan 13, 2026
CVSS 6.4
EPSS 0.00
CVE-2025-59020 MEDIUM
Typo3 < 10.4.55 - Incorrect Authorization
Jan 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-12998 HIGH
TYPO3 Extension Modules <4.3.11-5.7.4-6.4.2-7.5.5 - Auth Bypass
Nov 12, 2025
EPSS 0.00
CVE-2025-10316 LOW
TYPO3 Form to Database < 2.2.5, 3.0.0-3.2.1, 4.0.0-4.2.2, 5.0.0-5.0.1 - Cross-Site Scripting
Sep 16, 2025
EPSS 0.00
CVE-2025-59019 MEDIUM
TYPO3 CMS 11.0.0-11.5.47 12.0.0-12.4.36 13.0.0-13.4.17 - Unauthorized Information Disclosure via CSV Download Feature
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59018 MEDIUM
TYPO3 CMS 9.0.0-13.4.17 - Unauthorized Sensitive Information Exposure via Workspace Module
Sep 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59017 HIGH
TYPO3 CMS 9.0.0-13.4.17 - Missing Authorization in Backend Routing
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-59016 MEDIUM
TYPO3 CMS 9.0.0-13.4.17 - Authenticated Sensitive Information Disclosure
Sep 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59015 MEDIUM
TYPO3 CMS <13.4.17 - Info Disclosure
Sep 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59014 LOW
TYPO3 CMS 11.0.0-11.5.47 12.0.0-12.4.36 13.0.0-13.4.17 - Authenticated Denial of Service via Bookmark Toolbar
Sep 09, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-59013 MEDIUM
TYPO3 CMS Open Redirect via GeneralUtility::sanitizeLocalUrl
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-9573 HIGH
TYPO3 ns_backup <13.0.2 - Command Injection
Sep 02, 2025
EPSS 0.01
CVE-2025-7900 MEDIUM
TYPO3 femanager <6.4.1, 7.0.0-7.5.2, 8.0.0-8.3.0 - Info Disclosure
Jul 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-7899 MEDIUM
Powermail <13.0.0 - Info Disclosure
Jul 22, 2025
EPSS 0.00
CVE-2025-48207 HIGH
TYPO3 reint_downloadmanager <5.0.0 - Info Disclosure
May 21, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-48205 HIGH
TYPO3 sr_feuser_register <12.4.8 - Info Disclosure
May 21, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-48204 MEDIUM
ns_backup < 13.0.1 - OS Command Injection
May 21, 2025
CVSS 6.8
EPSS 0.01
CVE-2025-48203 MEDIUM
cs_seo 6.3.0-6.7.9, 7.0.0-7.4.9, 8.0.0-8.3.9, 9.0.0-9.2.0 - Cross-Site Scripting
May 21, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-48202 MEDIUM
TYPO3 femanager <8.2.1 - Info Disclosure
May 21, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-48201 HIGH
TYPO3 ns_backup <13.0.0 - Info Disclosure
May 21, 2025
CVSS 8.6
EPSS 0.00