| Vulnerability Name |
CVE
CWE
|
CWE |
Severity |
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21358)
|
CVE-2021-21358
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21365)
|
CVE-2021-21365
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21370)
|
CVE-2021-21370
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32667)
|
CVE-2021-32667
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32668)
|
CVE-2021-32668
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32669)
|
CVE-2021-32669
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32768)
|
CVE-2021-32768
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31048)
|
CVE-2022-31048
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31049)
|
CVE-2022-31049
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36107)
|
CVE-2022-36107
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36108)
|
CVE-2022-36108
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-24814)
|
CVE-2023-24814
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47125)
|
CVE-2023-47125
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34355)
|
CVE-2024-34355
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34356)
|
CVE-2024-34356
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34357)
|
CVE-2024-34357
CWE-707
|
CWE-707
|
Medium
|
|
TYPO3 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La Vulnerability (CVE-2022-23504)
|
CVE-2022-23504
CWE-138
|
CWE-138
|
Medium
|
|
TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-6381)
|
CVE-2007-6381
CWE-138
|
CWE-138
|
Medium
|
|
TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-3632)
|
CVE-2009-3632
CWE-138
|
CWE-138
|
Medium
|
|
TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-5103)
|
CVE-2010-5103
CWE-138
|
CWE-138
|
Medium
|
|
TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6144)
|
CVE-2012-6144
CWE-138
|
CWE-138
|
Medium
|
|
TYPO3 Inadequate Encryption Strength Vulnerability (CVE-2010-3670)
|
CVE-2010-3670
CWE-326
|
CWE-326
|
Medium
|
|
TYPO3 Incorrect Authorization Vulnerability (CVE-2024-47780)
|
CVE-2024-47780
CWE-863
|
CWE-863
|
Medium
|
|
TYPO3 Incorrect Authorization Vulnerability (CVE-2025-47937)
|
CVE-2025-47937
CWE-863
|
CWE-863
|
Medium
|
|
TYPO3 Incorrect Authorization Vulnerability (CVE-2025-59020)
|
CVE-2025-59020
CWE-863
|
CWE-863
|
Medium
|
|
TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2021-32767)
|
CVE-2021-32767
CWE-532
|
CWE-532
|
Medium
|
|
TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-31047)
|
CVE-2022-31047
CWE-532
|
CWE-532
|
Medium
|
|
TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-55891)
|
CVE-2024-55891
CWE-532
|
CWE-532
|
Medium
|
|
Typo3 Install Tool publicly accessible
|
CWE-200
|
CWE-200
|
Medium
|
|
TYPO3 Insufficient Entropy Vulnerability (CVE-2025-59015)
|
CVE-2025-59015
CWE-331
|
CWE-331
|
Medium
|
|
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)
|
CVE-2022-23502
CWE-613
|
CWE-613
|
Medium
|
|
TYPO3 Missing Authorization Vulnerability (CVE-2025-59021)
|
CVE-2025-59021
CWE-862
|
CWE-862
|
Medium
|
|
TYPO3 Observable Discrepancy Vulnerability (CVE-2022-36105)
|
CVE-2022-36105
CWE-203
|
CWE-203
|
Medium
|
|
TYPO3 Other Vulnerability (CVE-2006-0327)
|
CVE-2006-0327
|
|
Medium
|
|
TYPO3 Other Vulnerability (CVE-2009-3630)
|
CVE-2009-3630
|
|
Medium
|
|
TYPO3 Other Vulnerability (CVE-2012-1605)
|
CVE-2012-1605
|
|
Medium
|
|
TYPO3 Other Vulnerability (CVE-2012-3530)
|
CVE-2012-3530
|
|
Medium
|
|
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)
|
CVE-2008-2717
CWE-264
|
CWE-264
|
Medium
|
|
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)
|
CVE-2010-3717
CWE-264
|
CWE-264
|
Medium
|
|
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)
|
CVE-2012-6146
CWE-264
|
CWE-264
|
Medium
|
|
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)
|
CVE-2013-4320
CWE-264
|
CWE-264
|
Medium
|
|
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)
|
CVE-2013-7073
CWE-264
|
CWE-264
|
Medium
|
|
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7081)
|
CVE-2013-7081
CWE-264
|
CWE-264
|
Medium
|
|
TYPO3 Resource Management Errors Vulnerability (CVE-2013-1843)
|
CVE-2013-1843
|
|
Medium
|
|
TYPO3 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-47936)
|
CVE-2025-47936
CWE-918
|
CWE-918
|
Medium
|
|
TYPO3 Session Fixation Vulnerability (CVE-2010-3671)
|
CVE-2010-3671
CWE-384
|
CWE-384
|
Medium
|
|
TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-47939)
|
CVE-2025-47939
CWE-434
|
CWE-434
|
Medium
|
|
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3661)
|
CVE-2010-3661
CWE-601
|
CWE-601
|
Medium
|
|
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3669)
|
CVE-2010-3669
CWE-601
|
CWE-601
|
Medium
|
|
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)
|
CVE-2020-15241
CWE-601
|
CWE-601
|
Medium
|
|
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)
|
CVE-2021-21338
CWE-601
|
CWE-601
|
Medium
|
|
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-55892)
|
CVE-2024-55892
CWE-601
|
CWE-601
|
Medium
|
|
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-59013)
|
CVE-2025-59013
CWE-601
|
CWE-601
|
Medium
|
|
TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)
|
CVE-2010-3666
CWE-330
|
CWE-330
|
Medium
|
|
UAParser.js Other Vulnerability (CVE-2020-7793)
|
CVE-2020-7793
|
|
Medium
|
|
UAParser.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-7733)
|
CVE-2020-7733
CWE-400
|
CWE-400
|
Medium
|
|
Unauthenticated OpenAI API Access
|
|
|
Medium
|
|
Unauthorized Access to a web app installer
|
CWE-200
|
CWE-200
|
Medium
|
|
Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability
|
CWE-400
|
CWE-400
|
Medium
|
|
Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)
|
CVE-2021-3597
CWE-362
|
CWE-362
|
Medium
|
|
Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)
|
CVE-2022-2764
|
|
Medium
|
|
Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)
|
CVE-2014-7816
CWE-22
|
CWE-22
|
Medium
|
|
Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)
|
CVE-2018-1067
CWE-113
|
CWE-113
|
Medium
|
|
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)
|
CVE-2017-7559
CWE-444
|
CWE-444
|
Medium
|
|
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)
|
CVE-2020-10687
CWE-444
|
CWE-444
|
Medium
|
|
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)
|
CVE-2020-10719
CWE-444
|
CWE-444
|
Medium
|
|
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)
|
CVE-2021-20220
CWE-444
|
CWE-444
|
Medium
|
|
Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)
|
CVE-2017-12196
CWE-863
|
CWE-863
|
Medium
|
|
Unicode Transformation (Best-Fit Mapping)
|
CWE-176
|
CWE-176
|
Medium
|
|
Unprotected Apache NiFi API interface
|
CWE-287
|
CWE-287
|
Medium
|
|
Unprotected JSON file leaking secrets
|
CWE-200
|
CWE-200
|
Medium
|
|
Unprotected Kong Gateway Admin API interface
|
CWE-287
|
CWE-287
|
Medium
|
|
Unrestricted access to AnythingLLM API
|
CVE-2024-6842
CWE-200
|
CWE-200
|
Medium
|
|
Unrestricted access to MLflow
|
CWE-200
|
CWE-200
|
Medium
|
|
Unrestricted access to NGINX+ API interface (read only)
|
CWE-200
|
CWE-200
|
Medium
|
