typo3

361 tracked vulnerabilities.

CVE-2025-48200 CRITICAL
sr_feuser_register 5.1.0-12.4.8 - Remote Code Execution via Untrusted Data Deserialization
May 21, 2025
CVSS 10.0
EPSS 0.01
CVE-2025-47941 HIGH
TYPO3 <12.4.31 LTS & <13.4.2 LTS - Auth Bypass
May 20, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-47940 HIGH
TYPO3 <10.4.50 ELTS, <11.5.44 ELTS, <12.4.31 LTS, <13.4.12 LTS - Pr...
May 20, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-47939 MEDIUM
TYPO3 9.0.0-9.5.50 - Unrestricted Upload of File with Dangerous Type in File Management Module
May 20, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-47938 LOW
TYPO3 <9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.1...
May 20, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-47937 LOW
TYPO3 9.0.0-9.5.50 - Incorrect Authorization in Database Abstraction Layer
May 20, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-47936 LOW
TYPO3 12.0.0-12.4.30 and 13.0.0-13.4.1 - Authenticated Server-Side Request Forgery via Webhooks
May 20, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-24856 MEDIUM
TYPO3 oidc <4.0.0 - Privilege Escalation
Mar 16, 2025
CVSS 4.2
EPSS 0.00
CVE-2024-55945 MEDIUM
TYPO3 11.0.0-11.5.41 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-55924 HIGH
TYPO3 11.0.0-11.5.41 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 8.0
EPSS 0.00
CVE-2024-55923 MEDIUM
TYPO3 10.0.0-10.4.48 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-55922 MEDIUM
TYPO3 10.0.0-10.4.47 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-55921 HIGH
TYPO3 10.0.0-10.4.48 - Cross-Site Request Forgery and Remote Code Execution via Extension Manager Module
Jan 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-55920 MEDIUM
TYPO3 10.0.0-10.4.48 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-55894 MEDIUM
TYPO3 10.0.0-10.4.47 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-55893 MEDIUM
TYPO3 10.0.0-10.4.47 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-55892 MEDIUM
TYPO3 9.0.0-9.5.48 - Open Redirect via URI Host Validation Bypass
Jan 14, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-55891 LOW
TYPO3 13.4.2 - Insertion of Sensitive Information into Log File
Jan 14, 2025
CVSS 3.1
EPSS 0.00
CVE-2024-34537 MEDIUM
TYPO3 < 13.3.1 - Authenticated Denial of Service in Bookmark Toolbar
Oct 28, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-47780 LOW
TYPO3 10.0.0-10.4.45 and 13.0.0-13.3.0 - Incorrect Authorization in Backend Page Tree
Oct 08, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-34358 MEDIUM
TYPO3 <9.5.48 ELTS, <10.4.45 ELTS, <11.5.37 LTS, <12.4.15 LTS, <13....
May 14, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-34357 MEDIUM
TYPO3 <9.0.0-<9.5.48 ELTS,<10.4.45 ELTS,<11.5.37 LTS,<12.4.15 LTS,<...
May 14, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34356 MEDIUM
TYPO3 <9.0.0-9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 1...
May 14, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34355 LOW
TYPO3 13.0.0-13.1.0 - Authenticated HTML Injection in History Backend Module
May 14, 2024
CVSS 3.5
EPSS 0.01
CVE-2024-22188 HIGH
TYPO3 < 8.7.57 - Authenticated Command Injection via Install Tool Form Fields
Mar 05, 2024
CVSS 7.2
EPSS 0.02