CVE-2026-49742
- EPSS 0.31%
- Veröffentlicht 09.06.2026 10:54:58
- Zuletzt bearbeitet 09.06.2026 13:46:50
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could ...
CVE-2026-47351
- EPSS 0.24%
- Veröffentlicht 09.06.2026 10:52:38
- Zuletzt bearbeitet 09.06.2026 13:46:50
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3...
CVE-2026-47343
- EPSS 0.24%
- Veröffentlicht 09.06.2026 10:49:07
- Zuletzt bearbeitet 09.06.2026 13:46:50
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions...
CVE-2026-6553
- EPSS 0.17%
- Veröffentlicht 21.04.2026 10:16:31
- Zuletzt bearbeitet 05.05.2026 19:49:37
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
CVE-2026-0859
- EPSS 0.17%
- Veröffentlicht 13.01.2026 11:54:11
- Zuletzt bearbeitet 14.01.2026 18:57:50
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This iss...
CVE-2025-59022
- EPSS 0.38%
- Veröffentlicht 13.01.2026 11:53:45
- Zuletzt bearbeitet 14.01.2026 19:07:07
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site...
CVE-2025-59021
- EPSS 0.25%
- Veröffentlicht 13.01.2026 11:53:25
- Zuletzt bearbeitet 14.01.2026 19:14:35
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to inse...
CVE-2025-59020
- EPSS 0.29%
- Veröffentlicht 13.01.2026 11:53:02
- Zuletzt bearbeitet 14.01.2026 19:15:16
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the us...
CVE-2025-59019
- EPSS 0.21%
- Veröffentlicht 09.09.2025 09:01:17
- Zuletzt bearbeitet 26.09.2025 14:09:51
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without h...
CVE-2025-59018
- EPSS 0.27%
- Veröffentlicht 09.09.2025 09:01:10
- Zuletzt bearbeitet 26.09.2025 14:08:37
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensit...