Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 2nd September, 2025
TYPO3-EXT-SA-2025-011: Command Injection in extension "TYPO3 Backup Plus" (ns_backup)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "TYPO3 Backup Plus" (ns_backup) is susceptible to Command Injection.
Read more
Thu. 14th August, 2025
TYPO3-PSA-2025-001: Sanitization bypass in SVG Sanitizer

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Oliver Hader

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
Read more
Tue. 22nd July, 2025
TYPO3-EXT-SA-2025-010: Insecure Direct Object Reference in extension "femanager" (femanager)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
Read more
Tue. 22nd July, 2025
TYPO3-EXT-SA-2025-009: Insecure Direct Object Reference in extension "powermail" (powermail)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference.
Read more
Tue. 20th May, 2025
TYPO3-EXT-SA-2025-008: Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Elias Häußler

It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure…
Read more
Tue. 20th May, 2025
TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Elias Häußler

It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site…
Read more
Tue. 20th May, 2025
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Elias Häußler

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
Read more
Tue. 20th May, 2025
TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Elias Häußler

It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting.
Read more
Tue. 20th May, 2025
TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Elias Häußler

It has been discovered that the extension "Download manager" (reint_downloadmanager) is susceptible to Insecure Direct Object Reference.
Read more
Tue. 20th May, 2025
TYPO3-CORE-SA-2025-016: Privilege Escalation to System Maintainer

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to broken authentication.
Read more

Security Advisories

TYPO3-EXT-SA-2025-011: Command Injection in extension "TYPO3 Backup Plus" (ns_backup)

TYPO3-PSA-2025-001: Sanitization bypass in SVG Sanitizer

TYPO3-EXT-SA-2025-010: Insecure Direct Object Reference in extension "femanager" (femanager)

TYPO3-EXT-SA-2025-009: Insecure Direct Object Reference in extension "powermail" (powermail)

TYPO3-EXT-SA-2025-008: Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)

TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)

TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)

TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)

TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)

TYPO3-CORE-SA-2025-016: Privilege Escalation to System Maintainer

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links