Vulnerability Database

318,251

Total vulnerabilities in the database

Vulnerabilities for products matching "cms--core"

Found 1 matching product.

You can search for specific versions with /product/cms--core/1.2.3

typo3 / cms-core

88 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-59016	Medium		September 9, 2025 9/9/25	>= 9.0.0 < 12.4.37 >= 10.0.0 < 12.4.37 >= 11.0.0 < 12.4.37 >= 12.0.0 < 12.4.37 >= 13.0.0 < 13.4.18
CVE-2025-59013	Medium		September 9, 2025 9/9/25	>= 9.0.0 < 12.4.37 >= 10.0.0 < 12.4.37 >= 11.0.0 < 12.4.37 >= 12.0.0 < 12.4.37 >= 13.0.0 < 13.4.18
CVE-2025-59015	Medium		September 9, 2025 9/9/25	>= 12.0.0 < 12.4.37 >= 13.0.0 < 13.4.18
CVE-2025-47940	High		May 20, 2025 5/20/25	>= 10.4.0 < 10.4.50 >= 11.0.0 < 11.5.44 >= 12.0.0 < 12.4.31 >= 13.0.0 < 13.4.12
CVE-2025-47939	Medium		May 20, 2025 5/20/25	>= 9.0.0 < 9.5.51 >= 10.0.0 < 10.4.50 >= 11.0.0 < 11.5.44 >= 12.0.0 < 12.4.31 >= 13.0.0 < 13.4.12
CVE-2025-47938	Low		May 20, 2025 5/20/25	>= 9.0.0 < 9.5.51 >= 10.0.0 < 10.4.50 >= 11.0.0 < 11.5.44 >= 12.0.0 < 12.4.31 >= 13.0.0 < 13.4.12
CVE-2025-47937	Low		May 20, 2025 5/20/25	>= 9.0.0 < 9.5.51 >= 10.0.0 < 10.4.50 >= 11.0.0 < 11.5.44 >= 12.0.0 < 12.4.31 >= 13.0.0 < 13.4.12
CVE-2024-55892	Medium		January 14, 2025 1/14/25	>= 9.0.0 < 9.5.49 >= 10.0.0 < 10.4.48 >= 11.0.0 < 11.5.42 >= 12.0.0 < 12.4.25 >= 13.0.0 < 13.4.3
TYPO3 Possible Insecure Deserialization in Extbase Request Handling	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Cross-Site Scripting in Filelist Module	Medium		May 30, 2024 5/30/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Cross-Site Scripting in Link Handling	Medium		May 30, 2024 5/30/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Cross-Site Scripting in Form Framework validation handling	Medium		May 30, 2024 5/30/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
TYPO3 Broken Access Control in Import Module	Medium		May 30, 2024 5/30/24	>= 9.3.0 < 9.5.8
TYPO3 Security Misconfiguration in Frontend Session Handling	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
TYPO3 Information Disclosure in Backend User Interface	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
TYPO3 Information Disclosure in User Authentication	Medium		May 30, 2024 5/30/24	>= 9.0.0 < 9.5.6
TYPO3 Disclosure of Information about Installed Extensions	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Information Disclosure in Page Tree	Medium		May 30, 2024 5/30/24	>= 9.0.0 < 9.5.6
TYPO3 Security Misconfiguration in User Session Handling	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.25 >= 9.0.0 < 9.5.6
TYPO3 Cross-Site Scripting in Form Framework	Medium		May 30, 2024 5/30/24	>= 8.5.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Cross-Site Scripting in Language Pack Handling	Medium		May 30, 2024 5/30/24	>= 9.2.0 < 9.5.4
TYPO3 Arbitrary Code Execution via File List Module	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Broken Access Control in Localization Handling	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.23
TYPO3 Cross-Site Scripting in Fluid ViewHelpers	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Security Misconfiguration for Backend User Accounts	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Denial of Service in Frontend Record Registration	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.21 >= 7.0.0 < 7.6.32
TYPO3 Denial of Service in Online Media Asset Handling	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2 >= 7.0.0 < 7.6.32
TYPO3 Information Disclosure in Install Tool	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2 >= 7.0.0 < 7.6.32
TYPO3 Security Misconfiguration in Install Tool Cookie	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2 >= 7.0.0 < 7.6.32
TYPO3 Cross-Site Scripting in Frontend User Login	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2 >= 7.1.0 < 7.6.32
TYPO3 Cross-Site Scripting in Backend Modal Component	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2 >= 7.1.0 < 7.6.32
TYPO3 CMS Insecure Deserialization	High		May 30, 2024 5/30/24	>= 8.5.0 < 8.7.17 >= 9.0.0 < 9.3.1
TYPO3 Cross-Site Scripting in Online Media Asset Rendering	Medium		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 CMS Privilege Escalation and SQL Injection	High		May 30, 2024 5/30/24	>= 8.5.0 < 8.7.17 >= 9.0.0 < 9.3.2
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution	Critical		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.17 >= 9.0.0 < 9.3.2 >= 7.0.0 < 7.6.30
TYPO3 CMS Authentication Bypass vulnerability	High		May 30, 2024 5/30/24	>= 8.0.0 < 8.7.17 >= 9.0.0 < 9.3.2 >= 7.0.0 < 7.6.30
CVE-2024-34358	Medium		May 14, 2024 5/14/24	>= 9.0.0 < 9.5.48 >= 10.0.0 < 10.4.45 >= 11.0.0 < 11.5.37 >= 12.0.0 < 12.4.15 >= 13.0.0 < 13.1.1
CVE-2024-34357	Medium		May 14, 2024 5/14/24	>= 9.0.0 < 9.5.48 >= 10.0.0 < 10.4.45 >= 11.0.0 < 11.5.37 >= 12.0.0 < 12.4.15 >= 13.0.0 < 13.1.1
CVE-2024-34356	Medium		May 14, 2024 5/14/24	>= 9.0.0 < 9.5.48 >= 10.0.0 < 10.4.45 >= 11.0.0 < 11.5.37 >= 12.0.0 < 12.4.15 >= 13.0.0 < 13.1.1
CVE-2024-34355	Low		May 14, 2024 5/14/24	>= 13.0.0 < 13.1.1
CVE-2024-22188	High		March 5, 2024 3/5/24	>= 8.0.0 < 8.7.57 >= 9.0.0 < 9.5.46 >= 10.0.0 < 10.4.43 >= 11.0.0 < 11.5.35 >= 12.0.0 < 12.4.11 == 13.0.0 >= 13.0.0 < 13.0.1
CVE-2024-25121	High		February 13, 2024 2/13/24	>= 8.0.0 < 8.7.57 >= 9.0.0 < 9.5.46 >= 10.0.0 < 10.4.43 >= 11.0.0 < 11.5.35 >= 12.0.0 < 12.4.11 == 13.0.0 >= 13.0.0 < 13.0.1
CVE-2024-25118	Low		February 13, 2024 2/13/24	>= 8.0.0 < 8.7.57 >= 9.0.0 < 9.5.46 >= 10.0.0 < 10.4.43 >= 11.0.0 < 11.5.35 >= 12.0.0 < 12.4.11 == 13.0.0 >= 13.0.0 < 13.0.1
CVE-2024-25119	Low		February 13, 2024 2/13/24	>= 8.0.0 < 8.7.57 >= 9.0.0 < 9.5.46 >= 10.0.0 < 10.4.43 >= 11.0.0 < 11.5.35 >= 12.0.0 < 12.4.11 == 13.0.0 >= 13.0.0 < 13.0.1
CVE-2024-25120	Low		February 13, 2024 2/13/24	>= 8.0.0 < 8.7.57 >= 9.0.0 < 9.5.46 >= 10.0.0 < 10.4.43 >= 11.0.0 < 11.5.35 >= 12.0.0 < 12.4.11 == 13.0.0 >= 13.0.0 < 13.0.1
CVE-2023-30451	Low		December 25, 2023 12/25/23	>= 8.0.0 < 8.7.57 >= 9.0.0 < 9.5.46 >= 10.0.0 < 10.4.43 >= 11.0.0 < 11.5.35 >= 12.0.0 < 12.4.11 == 13.0.0 >= 13.0.0 < 13.0.1
CVE-2023-47127	Low		November 14, 2023 11/14/23	>= 8.0.0 < 8.7.55 >= 9.0.0 < 9.5.44 >= 10.0.0 < 10.4.41 >= 11.0.0 < 11.5.33 >= 12.0.0 < 12.4.8
CVE-2023-38499	Low		July 25, 2023 7/25/23	>= 9.4.0 < 9.5.42 >= 10.0.0 < 10.4.39 >= 11.0.0 < 11.5.30 >= 12.0.0 < 12.4.4
CVE-2023-24814	High		February 7, 2023 2/7/23	>= 12.0.0 < 12.2.0 >= 11.0.0 < 11.5.23 >= 10.0.0 < 10.4.36 >= 9.0.0 < 9.5.40 >= 8.7.0 < 8.7.51

‹
›

1
2
›

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime