Typo3
This hub aggregates every CVE we track for Typo3, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 226
- Critical: 4
- High: 46
- In CISA KEV: 0
Severity distribution
- MEDIUM: 149
- HIGH: 46
- LOW: 27
- CRITICAL: 4
Monthly trend
Monthly values, 2024-07 to 2026-06: 0, 0, 0, 2, 0, 0, 10, 0, 0, 0, 12, 0, 1, 0, 7, 0, 0, 0, 4, 0, 0, 1, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Typo3.
- CVE-2026-6553: TYPO3 CMS Stores Cleartext Password in User Settings Module (score 7.5)
- CVE-2026-0859: TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool (score 7.8)
- CVE-2025-59022: TYPO3 CMS Allows Broken Access Control in Recycler Module (score 8.1)
- CVE-2025-59021: TYPO3 CMS Allows Broken Access Control in Redirects Module (score 6.4)
- CVE-2025-59020: TYPO3 CMS Allows Broken Access Control in Edit Document Controller (score 6.5)
- CVE-2025-59019: Information Disclosure via CSV Download (score 4.3)
- CVE-2025-59018: Information Disclosure in Workspaces Module (score 6.5)
- CVE-2025-59017: Broken Access Control in Backend AJAX Routes (score 8.8)
- CVE-2025-59016: Information Disclosure via File Abstraction Layer (score 4.3)
- CVE-2025-59015: Insufficient Entropy in Password Generation (score 6.5)
- CVE-2025-59014: Denial of Service in TYPO3 Bookmark Toolbar (score 2.7)
- CVE-2025-59013: Open Redirect in TYPO3 CMS (score 6.1)
- CVE-2025-7900: Insecure Direct Object Reference in extension "femanager" (femanager) (score 6.5)
- CVE-2025-48201: The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. (score 8.6)
- CVE-2025-48207: The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. (score 8.6)
Product normalization is registry-driven with AI assist and human review.