typo3 — Vulnerabilities & Security Advisories (118)

Browse all 118 CVE security advisories affecting typo3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TYPO3 is an open-source enterprise content management system primarily designed for large-scale websites and complex digital platforms. Historically, its extensive feature set and modular architecture have introduced a significant attack surface, resulting in 118 recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation or improper access controls within extensions. While the core framework has seen improved security practices in recent versions, legacy installations remain particularly susceptible to exploitation. Notable incidents have frequently involved unpatched third-party extensions rather than core flaws, highlighting the critical importance of rigorous extension auditing. Security advisories are regularly issued by the TYPO3 Security Team, urging administrators to maintain strict update protocols to mitigate these persistent risks associated with its broad ecosystem.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6553 | TYPO3 CMS Stores Cleartext Password in User Settings Module — TYPO3 CMS | CWE-312 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-4208 | Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email) — Extension "E-Mail MFA Provider" | CWE-639 | 8.1 (AI) | High (AI) | 2026-03-17 |
| CVE-2026-4202 | Broken Access Control in extension "Redirect Tab" — Extension "Redirect Tabs" | CWE-862 | 5.4 (AI) | Medium (AI) | 2026-03-17 |
| CVE-2026-1323 | Insecure Deserialization in extension "Mailqueue" (mailqueue) — Extension "Mailqueue" | CWE-502 | 8.8 (AI) | High (AI) | 2026-03-17 |
| CVE-2026-0895 | Insecure Deserialization in extension "Mailqueue" (mailqueue) — Extension "Mailqueue" | CWE-502 | 9.8 (AI) | Critical (AI) | 2026-01-20 |
| CVE-2026-0859 | TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool — TYPO3 CMS | CWE-502 | 7.8 (AI) | High (AI) | 2026-01-13 |
| CVE-2025-59022 | TYPO3 CMS Allows Broken Access Control in Recycler Module — TYPO3 CMS | CWE-862 | 8.1 (AI) | High (AI) | 2026-01-13 |
| CVE-2025-59021 | TYPO3 CMS Allows Broken Access Control in Redirects Module — TYPO3 CMS | CWE-862 | 4.6 (AI) | Medium (AI) | 2026-01-13 |
| CVE-2025-59020 | TYPO3 CMS Allows Broken Access Control in Edit Document Controller — TYPO3 CMS | CWE-863 | 4.3 (AI) | Medium (AI) | 2026-01-13 |
| CVE-2025-12998 | Broken Authentication in extension “Modules” (modules) — Extension "Modules" | CWE-287 | 9.1 | - | 2025-11-12 |
| CVE-2025-10316 | Cross-Site Scripting in extension "Form to Database" (form_to_database) — Extension "Form to Database" (form_to_database) | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-09-16 |
| CVE-2025-59019 | Information Disclosure via CSV Download — TYPO3 CMS | CWE-200 | 6.5 (AI) | Medium (AI) | 2025-09-09 |
| CVE-2025-59018 | Information Disclosure in Workspaces Module — TYPO3 CMS | CWE-200 | 6.5 (AI) | Medium (AI) | 2025-09-09 |
| CVE-2025-59017 | Broken Access Control in Backend AJAX Routes — TYPO3 CMS | CWE-862 | 8.8 (AI) | High (AI) | 2025-09-09 |
| CVE-2025-59016 | Information Disclosure via File Abstraction Layer — TYPO3 CMS | CWE-209 | 4.3 (AI) | Medium (AI) | 2025-09-09 |
| CVE-2025-59015 | Insufficient Entropy in Password Generation — TYPO3 CMS | CWE-331 | 9.8 (AI) | Critical (AI) | 2025-09-09 |
| CVE-2025-59014 | Denial of Service in TYPO3 Bookmark Toolbar — TYPO3 CMS | CWE-248 | 4.9 (AI) | Medium (AI) | 2025-09-09 |
| CVE-2025-59013 | Open Redirect in TYPO3 CMS — TYPO3 CMS | CWE-601 | 6.1 (AI) | Medium (AI) | 2025-09-09 |
| CVE-2025-9573 | Command Injection in extension "TYPO3 Backup Plus" (ns_backup) — Extension "TYPO3 Backup Plus" | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-09-02 |
| CVE-2025-7900 | Insecure Direct Object Reference in extension "femanager" (femanager) — Extension "femanager" | CWE-639 | 4.3 | - | 2025-07-22 |
| CVE-2025-7899 | Insecure Direct Object Reference in extension "powermail" (powermail) — Extension "powermail" | CWE-639 | 7.5 | - | 2025-07-22 |
| CVE-2025-48200 | TYPO3 security vulnerability — sr feuser register extension | CWE-502 | 10.0 | Critical | 2025-05-21 |
| CVE-2025-48205 | TYPO3 security vulnerability — sr feuser register extension | CWE-425 | 8.6 | High | 2025-05-21 |
| CVE-2025-48201 | TYPO3 security vulnerability — ns backup extension | CWE-425 | 8.6 | High | 2025-05-21 |
| CVE-2025-48206 | TYPO3 security vulnerability — ns backup extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2025-48202 | TYPO3 femanager security vulnerability — femanager extension | CWE-425 | 5.3 | Medium | 2025-05-21 |
| CVE-2025-48203 | TYPO3 cs_seo security vulnerability — cs seo extension | CWE-79 | 6.4 | Medium | 2025-05-21 |
| CVE-2025-48207 | TYPO3 security vulnerability — reint downloadmanager extension | CWE-425 | 8.6 | High | 2025-05-21 |
| CVE-2025-48204 | TYPO3 security vulnerability — ns backup extension | CWE-78 | 6.8 | Medium | 2025-05-21 |
| CVE-2025-47941 | TYPO3 Has Broken Authentication in Backend MFA — typo3 | CWE-288 | 7.2 | High | 2025-05-20 |

This page lists every published CVE security advisory associated with typo3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.