FLAT-FXLFC (CVE-2026-6553)
Non-encrypted confidential information In typo3/cms-backend
4.4
Medium
Ecosystem: Packagist
Package: typo3/cms-backend
FLAT-8H4D5 (CVE-2026-0859)
Insecure deserialization In typo3/cms-core
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-NKT0I (CVE-2025-59022)
Improper authorization control for web services In typo3/cms-recycler
4.9
Medium
Ecosystem: Packagist
Package: typo3/cms-recycler
FLAT-MB0BI (CVE-2025-59021)
Improper authorization control for web services In typo3/cms-redirects
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-redirects
FLAT-QR40E (CVE-2025-59020)
Authentication mechanism absence or evasion In typo3/cms-backend
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-backend
FLAT-EY5X3 (CVE-2025-59016)
Technical information leak In typo3/cms-core
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-L0CVW (CVE-2025-59017)
Improper authorization control for web services In typo3/cms-backend
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-backend
FLAT-TFG25 (CVE-2025-59019)
Business information leak In typo3/cms-recordlist
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-recordlist
FLAT-0XEX0 (CVE-2025-59018)
Business information leak In typo3/cms-workspaces
4.9
Medium
Ecosystem: Packagist
Package: typo3/cms-workspaces
FLAT-6KFI8 (CVE-2025-59013)
Uncontrolled external site redirect In typo3/cms-core
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-9BBCR (CVE-2025-59015)
Insecure generation of random numbers In typo3/cms-core
1.7
Low
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-OSFZ3 (CVE-2025-59014)
Asymmetric denial of service In typo3/cms-backend
1.2
Low
Ecosystem: Packagist
Package: typo3/cms-backend
FLAT-ZJTPL (CVE-2025-47941)
Authentication mechanism absence or evasion In typo3/cms-backend
5.9
Medium
Ecosystem: Packagist
Package: typo3/cms-backend
FLAT-V8VDP (CVE-2025-47940)
Security controls bypass or absence In typo3/cms-core
6.1
Medium
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-JHL6O (CVE-2025-47939)
Insecure file upload In typo3/cms-core
1.3
Low
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-SKUIB (CVE-2025-47938)
Password change without identity check In typo3/cms-setup
1.2
Low
Ecosystem: Packagist
Package: typo3/cms-setup
FLAT-4KE8I (CVE-2025-47937)
Authentication mechanism absence or evasion In typo3/cms-core
1.7
Low
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-ARMCP (CVE-2025-47936)
Server-side request forgery (SSRF) In typo3/cms-webhooks
0.5
Low
Ecosystem: Packagist
Package: typo3/cms-webhooks
FLAT-IYPF3 (CVE-2024-55945)
Cross-site request forgery In typo3/cms-lowlevel
0.6
Low
Ecosystem: Packagist
Package: typo3/cms-lowlevel
FLAT-ZFYNS (CVE-2024-55924)
Cross-site request forgery In typo3/cms-scheduler
4.8
Medium
Ecosystem: Packagist
Package: typo3/cms-scheduler
FLAT-1H2AY (CVE-2024-55923)
Cross-site request forgery In typo3/cms-indexed-search
0.6
Low
Ecosystem: Packagist
Package: typo3/cms-indexed-search
FLAT-45E17 (CVE-2024-55922)
Cross-site request forgery In typo3/cms-form
0.5
Low
Ecosystem: Packagist
Package: typo3/cms-form
FLAT-1JCRR (CVE-2024-55921)
Cross-site request forgery In typo3/cms-extensionmanager
6.1
Medium
Ecosystem: Packagist
Package: typo3/cms-extensionmanager
FLAT-RJB5G (CVE-2024-55920)
Cross-site request forgery In typo3/cms-dashboard
0.6
Low
Ecosystem: Packagist
Package: typo3/cms-dashboard
FLAT-86MQO (CVE-2024-55894)
Cross-site request forgery In typo3/cms-beuser
0.6
Low
Ecosystem: Packagist
Package: typo3/cms-beuser
FLAT-ZCR67 (CVE-2024-55893)
Cross-site request forgery In typo3/cms-belog
0.6
Low
Ecosystem: Packagist
Package: typo3/cms-belog
FLAT-CIXAE (CVE-2024-55892)
Uncontrolled external site redirect In typo3/cms-core
1.7
Low
Ecosystem: Packagist
Package: typo3/cms-core
FLAT-VUOQH (CVE-2024-55891)
Non-encrypted confidential information In typo3/cms-install
0.6
Low
Ecosystem: Packagist
Package: typo3/cms-install
FLAT-TJIJ6 (CVE-2024-34537)
Lack of data validation - Path Traversal In typo3/cms-backend
1.2
Low
Ecosystem: Packagist
Package: typo3/cms-backend
FLAT-D4LG6 (CVE-2024-47780)
Authentication mechanism absence or evasion In typo3/cms-backend
0.6
Low
Ecosystem: Packagist
Package: typo3/cms-backend
FLAT-KQMO3 (GHSA-f3wf-q4fj-3gxf)
Inadequate file size control In typo3/cms
2.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-CQURP (GHSA-6487-3qvg-8px9)
Business information leak In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-FHWJZ (GHSA-f777-f784-36gm)
Insecurely generated cookies In typo3/cms
6.2
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-GQ7XI (GHSA-2rcw-9hrm-8q7q)
Server side cross-site scripting In typo3/cms
0.5
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-P5SFB (GHSA-7q33-hxwj-7p8v)
Server side cross-site scripting In typo3/cms
0.5
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-6QVLV (GHSA-8m6j-p5jv-v69w)
Server side cross-site scripting In typo3/cms
0.5
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-4PAIU (GHSA-8h4m-r4wm-xj7r)
Insecure file upload In typo3/cms
6.3
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-5ZKDW (GHSA-g585-crjf-vhwq)
Asymmetric denial of service In typo3/cms
6.6
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-3M0AM (GHSA-f624-8hfq-5fh3)
Business information leak In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-4BMM0 (GHSA-v8m4-3w37-ghxx)
Reflected cross-site scripting (XSS) In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-Q3DRL (GHSA-4h5c-5g25-v7fh)
Reflected cross-site scripting (XSS) In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-JGW5C (GHSA-c5mj-39cf-3pp5)
Authentication mechanism absence or evasion In typo3/cms
4.1
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-JPJF7 (GHSA-xgmx-j3hv-jh9x)
Server side cross-site scripting In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-0BN0G (GHSA-772m-43f3-hmf8)
Improper authorization control for web services In typo3/cms
4.9
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-4F2LR (GHSA-g7hw-jh4p-75wr)
Server side cross-site scripting In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-GWTBX (GHSA-85ch-44w7-rf32)
Reflected cross-site scripting (XSS) In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-SYUU2 (GHSA-hh95-5xm5-v8v7)
Insecure deserialization In typo3/cms
7.2
High
Ecosystem: Packagist
Package: typo3/cms
FLAT-0YSFD (GHSA-259v-xm34-p7fr)
Reflected cross-site scripting (XSS) In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-CGU8R (GHSA-f5rr-9r84-wwqf)
Improper authorization control for web services In typo3/cms
1.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-0VUHG (GHSA-h934-f4m4-wc8x)
Enabled default configuration In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-EVFZU (GHSA-hww5-6x85-mc24)
Lack of data validation - Modify DOM Elements In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-1LR5R (GHSA-qr5f-6fcv-w69q)
Session Fixation In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-BF7XR (GHSA-g9rv-6g56-65h8)
Insecure session management In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-YAD74 (GHSA-q9c4-9v5m-597p)
Business information leak In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-VAX3A (GHSA-m96r-7vqm-j95g)
Non-encrypted confidential information In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-SQ1F0 (GHSA-v4qr-8h2v-qpjx)
Server side cross-site scripting In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-P9506 (GHSA-5gr6-97fv-52cc)
Reflected cross-site scripting (XSS) In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-R1S6G (GHSA-c7rj-92xr-wprg)
Insecure deserialization In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-9HLLL (GHSA-pw2q-qwvj-gh43)
Asymmetric denial of service In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-OF3X3 (GHSA-mh3r-6cp5-hc2j)
Authentication mechanism absence or evasion In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-U80LE (GHSA-6f9m-v7mp-7jjq)
Authentication mechanism absence or evasion In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-3JD9B (GHSA-g46h-v2cc-6c94)
Unauthorized access to screen In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-AD460 (GHSA-ppgf-8745-8pgx)
Insecure deserialization In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-7OAXQ (GHSA-c7p6-3c9c-f88q)
Technical information leak In typo3/cms
1.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-P4THY (GHSA-7qwg-fcpw-xg5g)
Server side template injection In typo3/cms
5.2
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-R7AA8 (GHSA-g4pf-3jvq-2gcw)
Server side template injection In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-UQ73T (GHSA-67wg-6j7r-mqh8)
Server side template injection In typo3/cms
7.7
High
Ecosystem: Packagist
Package: typo3/cms
FLAT-F4REJ (GHSA-8h28-f46f-m87h)
Insecure deserialization In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-KMGPF (GHSA-p5c5-gmj4-g48f)
Server side cross-site scripting In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-SM2HR (GHSA-hq37-rfjc-mr8h)
Server side cross-site scripting In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-ZQLML (GHSA-qmwf-j7g7-f5jw)
Reflected cross-site scripting (XSS) In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-9HLVA (GHSA-vpr3-rc99-2wpr)
Improper authorization control for web services In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-4HBQ0 (GHSA-j86x-pjmr-9m6w)
SQL injection - Code In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-EMFC9 (GHSA-gwfx-p7mr-f92v)
Improper authorization control for web services In typo3/cms
8.4
High
Ecosystem: Packagist
Package: typo3/cms
FLAT-6206U (GHSA-xvcp-33rc-j8gq)
Insecure deserialization In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-T0EIW (GHSA-86r8-4g3w-7xjp)
Server side cross-site scripting In typo3/cms
1.2
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-50970 (GHSA-v5jp-4h2p-j2p4)
Excessive privileges In typo3/cms
1.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-BJPFY (GHSA-5wx6-xwxf-q8qj)
Server side cross-site scripting In typo3/cms
1.2
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-SOZPY (GHSA-6xh8-8pfv-53vx)
Authentication mechanism absence or evasion In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-B976R (GHSA-pmxp-7224-h794)
Asymmetric denial of service In typo3/cms
6.6
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-B82AP (GHSA-wrpf-2x8h-82gr)
Business information leak In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-IQDQC (GHSA-8j9v-4hhh-x43c)
Server side cross-site scripting In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-MYMUV (GHSA-qffc-gwpp-m2xr)
XML injection (XXE) In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-500FQ (GHSA-3jxq-5xhh-9jr3)
Server side cross-site scripting In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-VOBUA (GHSA-5j86-5xvg-7q93)
Server side cross-site scripting In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-ZO9SR (GHSA-vgm8-r9gm-fw59)
Server side cross-site scripting In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-BRHMW (GHSA-cg4m-qjjp-7497)
Server side cross-site scripting In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-BZ38B (GHSA-6fc6-cj2j-h22x)
Server side cross-site scripting In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-DR263 (GHSA-9895-53fc-98v2)
SQL injection - Code In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-3FD2R (GHSA-wh8q-72cp-p5wf)
Server side cross-site scripting In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-YSZQD (GHSA-qrxh-46mr-pr7q)
Insecure service configuration In typo3/cms
0.6
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-MXM2G (GHSA-5cxf-xx9j-54jc)
Server side cross-site scripting In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-I9M48 (GHSA-75mx-chcf-2q32)
Reflected cross-site scripting (XSS) In typo3/cms
0.0
None
Ecosystem: Packagist
Package: typo3/cms
FLAT-KUPCH (GHSA-pqfv-97hj-g97g)
Enabled default configuration In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-EOE02 (GHSA-jqr8-q455-xx45)
Lack of data validation In typo3/cms
2.7
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-FI55I (GHSA-r287-hc8j-w56h)
Business information leak In typo3/cms
4.9
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-Y9P3T (GHSA-wp8j-c736-c5r3)
Reflected cross-site scripting (XSS) In typo3/cms
1.2
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-1K1EC (GHSA-r9vc-jfmh-6j48)
Session Fixation In typo3/cms
2.3
Low
Ecosystem: Packagist
Package: typo3/cms
FLAT-YTC9M (GHSA-4r76-xr68-w7m7)
Excessive privileges In typo3/cms
6.3
Medium
Ecosystem: Packagist
Package: typo3/cms
FLAT-MTJKY (GHSA-p84g-j2gh-83g3)
Lack of data validation In typo3/cms
1.3
Low
Ecosystem: Packagist
Package: typo3/cms