typo3/cms-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-11607Hightypo3/cms-core: TYPO3 CMS has Broken Access Control in its Form FrameworkCVE-2026-47349Mediumtypo3/cms-core: TYPO3 CMS has Broken Access Control in the Recycler ModuleCVE-2026-47347Mediumtypo3/cms-core: TYPO3 CMS has an Open Redirect Vulnerability via Core UtilitiesCVE-2026-47343Hightypo3/cms-core: TYPO3 CMS: Destructive Actions on File Mount FoldersCVE-2026-49741Hightypo3/cms-core: TYPO3 CMS has Privilege Escalation & SQL Injection in its Form FrameworkCVE-2026-47350Mediumtypo3/cms-core: TYPO3 CMS has Broken Access Control in its DataHandlerCVE-2026-47346Hightypo3/cms-core: TYPO3 CMS has Broken Access Control in its Form FrameworkCVE-2026-49742Hightypo3/cms-core: TYPO3 CMS has Broken Access Control in its Media ModuleCVE-2026-49740Mediumtypo3/cms-core: TYPO3 CMS has Insecure Deserialization via Core APICVE-2026-49738Lowtypo3/cms-core: TYPO3 CMS has Broken Access Control in its File Abstraction LayerCVE-2026-47352Mediumtypo3/cms-core: TYPO3 CMS has Broken Access Control in Backend APICVE-2026-47351Mediumtypo3/cms-core: TYPO3 CMS: Broken Access Control in Media ModuleCVE-2026-47348Mediumtypo3/cms-core: TYPO3 CMS has Cross-Site Scripting in Indexed SearchCVE-2026-0859Mediumtypo3/cms-core: TYPO3 CMS Allows Insecure Deserialization via Mailer File SpoolCVE-2025-59016Mediumtypo3/cms-core: TYPO3 CMS exposes sensitive information in an error messageCVE-2025-59013Mediumtypo3/cms-core: TYPO3 CMS has an open‑redirect vulnerabilityCVE-2025-59015Mediumtypo3/cms-core: TYPO3 CMS uses insufficient entropy when generating passwordsCVE-2025-47940Hightypo3/cms-core: TYPO3 Allows Privilege Escalation to System MaintainerCVE-2025-47939Mediumtypo3/cms-core: TYPO3 Allows Unrestricted File Upload in File Abstraction LayerCVE-2025-47938Lowtypo3/cms-core: TYPO3 Unverified Password Change for Backend UsersCVE-2025-47937Lowtypo3/cms-core: TYPO3 Allows Information Disclosure via DBAL Restriction HandlingCVE-2024-55892Mediumtypo3/cms-core: TYPO3 Potential Open Redirect via Parsing DifferencesGHSA-5H5V-M596-R6RFHightypo3/cms-core: TYPO3 Possible Insecure Deserialization in Extbase Request HandlingGHSA-6XWF-7RFM-4GWCMediumtypo3/cms-core: TYPO3 Cross-Site Scripting in Filelist ModuleGHSA-4PPR-JW47-9QM5Mediumtypo3/cms-core: TYPO3 Cross-Site Scripting in Link Handling

Stop the waste.
Protect your environment with Kodem.