Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 typo3 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-36786
The miniorange_saml (aka Miniorange Saml) extension prior to 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
Miniorange Saml
7.5
CVSSv3
CVE-2021-38623
The deferred_image_processing (aka Deferred image processing) extension prior to 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.
Deferred Image Processing Project Deferred Image Processing
7.5
CVSSv3
CVE-2021-36793
The routes (aka Extbase Yaml Routes) extension prior to 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Routes Project Routes
7.5
CVSSv3
CVE-2021-21359
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This...
Typo3 Typo3
7.5
CVSSv3
CVE-2021-21339
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be e...
Typo3 Typo3
7.5
CVSSv3
CVE-2020-26228
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occur...
Typo3 Typo3
1 Github repository
7.5
CVSSv3
CVE-2010-3668
TYPO3 prior to 4.1.14, 4.2.x prior to 4.2.13, 4.3.x prior to 4.3.4 and 4.4.x prior to 4.4.1 allows Header Injection in the secure download feature jumpurl.
Typo3 Typo3
7.5
CVSSv3
CVE-2019-11832
TYPO3 8.x prior to 8.7.25 and 9.x prior to 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
Typo3 Typo3
7.5
CVSSv3
CVE-2013-7400
The Direct Mail (direct_mail) extension prior to 3.1.2 for TYPO3 allows remote malicious users to obtain sensitive information by leveraging improper checking of authentication codes.
Dkd Direct Mail
7.5
CVSSv3
CVE-2017-15363
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler up to and including 3.0.0, as used in the restler extension prior to 1.7.1 for TYPO3, allows remote malicious users to read arbitrary files via the file parameter.
Luracast Restler
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »