Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 14th January, 2025
TYPO3-CORE-SA-2025-004: Cross-Site Request Forgery in Backend User Module

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to cross-site request forgery.
Read more
Tue. 14th January, 2025
TYPO3-CORE-SA-2025-003: Cross-Site Request Forgery in Log Module

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to cross-site request forgery.
Read more
Tue. 14th January, 2025
TYPO3-CORE-SA-2025-002: Potential Open Redirect via Parsing Differences

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to open redirect.
Read more
Tue. 14th January, 2025
TYPO3-CORE-SA-2025-001: Information Disclosure via Exception Handling/Logger

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more
Tue. 8th October, 2024
TYPO3-CORE-SA-2024-012: Information Disclosure in TYPO3 Page Tree

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more
Tue. 8th October, 2024
TYPO3-CORE-SA-2024-011: Denial of Service in TYPO3 Bookmark Toolbar

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to denial of service.
Read more
Tue. 17th September, 2024
TYPO3-EXT-SA-2024-007: Insecure Direct Object Reference in extension "powermail" (powermail)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference.
Read more
Tue. 27th August, 2024
TYPO3-EXT-SA-2024-006: Multiple vulnerabilities in "powermail" (powermail)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference and Broken Access Control.
Read more
Tue. 18th June, 2024
TYPO3-EXT-SA-2024-005: Multiple vulnerabilities in "Aimeos shop and e-commerce framework" (aimeos)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Aimeos shop and e-commerce framework" (aimeos) is susceptible to Remote Code Execution and Insecure Direct…
Read more
Tue. 18th June, 2024
TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly Captcha" (friendlycaptcha_official)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Integration of Friendly Captcha" (friendlycaptcha_official) is susceptible to Broken Access Control.
Read more

Security Advisories

TYPO3-CORE-SA-2025-004: Cross-Site Request Forgery in Backend User Module

TYPO3-CORE-SA-2025-003: Cross-Site Request Forgery in Log Module

TYPO3-CORE-SA-2025-002: Potential Open Redirect via Parsing Differences

TYPO3-CORE-SA-2025-001: Information Disclosure via Exception Handling/Logger

TYPO3-CORE-SA-2024-012: Information Disclosure in TYPO3 Page Tree

TYPO3-CORE-SA-2024-011: Denial of Service in TYPO3 Bookmark Toolbar

TYPO3-EXT-SA-2024-007: Insecure Direct Object Reference in extension "powermail" (powermail)

TYPO3-EXT-SA-2024-006: Multiple vulnerabilities in "powermail" (powermail)

TYPO3-EXT-SA-2024-005: Multiple vulnerabilities in "Aimeos shop and e-commerce framework" (aimeos)

TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly Captcha" (friendlycaptcha_official)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links