It has been discovered that improper error handling could lead to cache flooding in TYPO3 Core and that the prepared statement database API potentially allows SQL Injections.
Please read the advisories for a description and solutions of all the above mentioned issues:
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Cookbook:
Make sure you are subscribed to the TYPO3 Announce List:
See all TYPO3 security advisories for the TYPO3 Core: