Vulnerabilities in typo3
142 resultsCVE-2025-47940HIGHTYPO3 CMS Vulnerable to Privilege Escalation to System MaintainerEPSS 0.4%CVE-2025-59022HIGHTYPO3 CMS Allows Broken Access Control in Recycler ModuleEPSS 0.4%CVE-2026-47345MEDIUMTYPO3 HTML Sanitizer allows Cross-Site ScriptingEPSS 0.4%CVE-2024-25119MEDIUMInformation Disclosure of Encryption Key in TYPO3 Install ToolEPSS 0.4%CVE-2026-49738LOWTYPO3 CMS - Broken Access Control in File Abstraction LayerEPSS 0.4%CVE-2026-46721MEDIUMBroken Access Control in extension "Frontend User Registration" (sf_register)EPSS 0.4%CVE-2024-55921HIGHCross-Site Request Forgery in Extension Manager Module in TYPO3EPSS 0.4%CVE-2026-8827HIGHSQL Injection in extension "Address List" (tt_address)EPSS 0.3%CVE-2026-46723MEDIUMInformation Disclosure in extension "Faceted Search" (ke_search)EPSS 0.3%CVE-2026-49742HIGHTYPO3 CMS - Broken Access Control in Media ModuleEPSS 0.3%CVE-2025-10316LOWCross-Site Scripting in extension "Form to Database" (form_to_database)EPSS 0.3%CVE-2024-55891LOWInformation Disclosure via Exception Handling/Logger in TYPO3EPSS 0.3%CVE-2026-46722MEDIUMXML External Entity Injection in extension "Faceted Search" (ke_search)EPSS 0.3%CVE-2025-48205HIGHThe sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.EPSS 0.3%CVE-2025-48207HIGHThe reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.EPSS 0.3%CVE-2025-48201HIGHThe ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.EPSS 0.3%CVE-2026-47347MEDIUMTYPO3 CMS - Open Redirect in Core UtilitiesEPSS 0.3%CVE-2024-47780LOWInformation Disclosure in TYPO3 Page TreeEPSS 0.3%CVE-2025-59020MEDIUMTYPO3 CMS Allows Broken Access Control in Edit Document ControllerEPSS 0.3%CVE-2026-47344LOWTYPO3 HTML Sanitizer allows Cross-Site ScriptingEPSS 0.3%