Typo3/cms-core

This hub aggregates every CVE we track for Typo3/cms-core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Typo3/cms-core.

• CVE-2026-0859TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool7.8Jan 13, 2026
• CVE-2025-59016Information Disclosure via File Abstraction Layer4.3Sep 9, 2025
• CVE-2025-59015Insufficient Entropy in Password Generation6.5Sep 9, 2025
• CVE-2025-59013Open Redirect in TYPO3 CMS6.1Sep 9, 2025
• CVE-2025-47940TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer7.2May 20, 2025
• CVE-2025-47939TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer5.4May 20, 2025
• CVE-2025-47938TYPO3 Vulnerable to Unverified Password Change for Backend Users3.8May 20, 2025
• CVE-2025-47937TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling3.7May 20, 2025
• CVE-2024-55892Potential Open Redirect via Parsing Differences in TYPO34.8Jan 14, 2025
• CVE-2024-34358TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController5.3May 14, 2024
• CVE-2024-34357TYPO3 vulnerable to Cross-Site Scripting in ShowImageController5.4May 14, 2024
• CVE-2024-34356TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module5.4May 14, 2024
• CVE-2024-34355TYPO3 vulnerable to an HTML Injection in the History Module3.5May 14, 2024
• CVE-2024-22188TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulner...7.2Mar 5, 2024
• CVE-2024-25118Information Disclosure of Hashed Passwords in TYPO3 Backend Forms4.3Feb 13, 2024