Security Advisories
All Advisories
TYPO3-EXT-SA-2026-004: Vulnerability in bundled package in extension "Amazon AWS SDK" (aws)
It has been discovered that the extension "Amazon AWS SDK" (aws) bundles a vulnerable version of “aws/aws-sdk-php“ which is susceptible to use of a…
TYPO3-EXT-SA-2026-003: Vulnerability in bundled package in extension "Amazon Web Services (AWS) Toolbox" (aws_tools)
It has been discovered that the extension "Amazon Web Services (AWS) Toolbox" (aws_tools) bundles a vulnerable version of “aws/aws-sdk-php“ which is…
TYPO3-EXT-SA-2026-002: Vulnerability in bundled package in extension "AWS SDK for PHP" (aws_sdk_php)
It has been discovered that the extension "AWS SDK for PHP" (aws_sdk_php) bundles a vulnerable version of “aws/aws-sdk-php“ which is susceptible to…
TYPO3-EXT-SA-2026-001: Insecure Deserialization in extension "Mailqueue" (mailqueue)
It has been discovered that the extension "Mailqueue" (mailqueue) is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2026-004: Insecure Deserialization via Mailer File Spool
It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2026-003: Broken Access Control in Recycler Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-002: Broken Access Control in Redirects Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-001: Broken Access Control in Edit Document Controller
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-EXT-SA-2025-016: Vulnerability in bundled package in extension "Single Sign-on with SAML" (md_saml)
It has been discovered that the extension "Single Sign-on with SAML" (md_saml) bundles a vulnerable version of “onelogin/php-saml“ which is…
TYPO3-EXT-SA-2025-015: Broken Authentication in extension "Modules" (modules)
It has been discovered that the extension "Modules" (modules) is susceptible to Broken Authentication.
TYPO3-EXT-SA-2025-014: Vulnerability in bundled package in extension "Forms Export" (frp_form_answers)
It has been discovered that the extension "Forms Export" (frp_form_answers) bundles a vulnerable version of "phpoffice/phpspreadsheet", which is…
TYPO3-EXT-SA-2025-013: Vulnerability in bundled package in extension "Base Excel" (base_excel)
It has been discovered that the extension "Base Excel" (base_excel) bundles a vulnerable version of “phpoffice/phpspreadsheet“ which is susceptible to…
TYPO3-EXT-SA-2025-012: Cross-Site Scripting in extension "Form to Database" (form_to_database)
It has been discovered that the extension "Form to Database" (form_to_database) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2025-023: Information Disclosure via CSV Download
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2025-022: Information Disclosure in Workspaces Module
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2025-021: Broken Access Control in Backend AJAX Routes
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2025-020: Information Disclosure via File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2025-019: Insufficient Entropy in Password Generation
It has been discovered that TYPO3 CMS is susceptible to insufficient entropy.
TYPO3-CORE-SA-2025-018: Denial of Service in TYPO3 Bookmark Toolbar
It has been discovered that TYPO3 CMS is susceptible to denial of service.
TYPO3-CORE-SA-2025-017: Open Redirect in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to open redirect.