Vulnerabilities in TYPO3
142 resultsCVE-2026-46725CRITICALRemote Code Execution in extension "Content Element Selector" (ceselector)EPSS 2.3%CVE-2020-15098HIGHMissing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMSEPSS 2.2%CVE-2020-11067HIGHDeserialization of Untrusted Data in TYPO3 CMSEPSS 2.0%CVE-2020-15099HIGHExposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMSEPSS 1.8%CVE-2021-21359MEDIUMDenial of Service in Page Error HandlingEPSS 1.7%CVE-2011-4628—TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend tEPSS 1.6%CVE-2021-21355HIGHUnrestricted File Upload in Form FrameworkEPSS 1.6%CVE-2021-21357HIGHBroken Access Control in Form FrameworkEPSS 1.6%CVE-2020-11066HIGHImproperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMSEPSS 1.5%CVE-2025-48204MEDIUMThe ns_backup extension through 13.0.0 for TYPO3 allows command injection.EPSS 1.5%CVE-2022-36104MEDIUMDenial of Service via Page Error Handling in TYPO3/cmsEPSS 1.3%CVE-2020-11063LOWObservable Response Discrepancy in TYPO3 CMSEPSS 1.2%CVE-2021-41114MEDIUMHTTP Host Header Injection in Request Handling in Typo3EPSS 1.2%CVE-2022-31050MEDIUMInsufficient Session Expiration in TYPO3 Admin ToolEPSS 1.2%CVE-2011-4901—TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 dataEPSS 1.1%CVE-2011-4904—TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve EPSS 1.1%CVE-2025-9573HIGHCommand Injection in extension "TYPO3 Backup Plus" (ns_backup)EPSS 1.1%CVE-2021-21338MEDIUMOpen Redirection in Login HandlingEPSS 1.1%CVE-2022-31047MEDIUMInsertion of Sensitive Information into Log File in typo3/cms-coreEPSS 1.0%CVE-2020-26216HIGHCross-Site Scripting in TYPO3 FluidEPSS 1.0%