typo3/cms-core Security Advisories for v12.4.35 (4)
-
[MEDIUM] TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
PKSA-rtck-8z1q-gn5s CVE-2026-0859 GHSA-7vp9-x248-9vr9
Affected version: >=10.0.0,<=10.4.54|>=11.0.0,<=11.5.48|>=12.0.0,<=12.4.40|>=13.0.0,<=13.4.22|>=14.0.0,<=14.0.1
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS exposes sensitive information in an error message
PKSA-ns26-fz7n-2jm8 CVE-2025-59016 GHSA-cvm2-5f78-g9m8
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48|>=10.0.0,<10.4.54|>=9.0.0,<9.5.55
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS has an open‑redirect vulnerability
PKSA-pz1k-khnw-3j7j CVE-2025-59013 GHSA-72jf-5fg5-3cw3
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48|>=10.0.0,<10.4.54|>=9.0.0,<9.5.55
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS uses insufficient entropy when generating passwords
PKSA-rwv7-ff55-f18g CVE-2025-59015 GHSA-p5jq-5383-qvc7
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37
Reported by:
GitHub