4.3
CVE-2024-55923 - Cross-Site Request Forgery in Indexed Search Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaβ¦
8
CVE-2024-55924 - Cross-Site Request Forgery in Scheduler Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaβ¦
7.8
CVE-2025-21136 - Substance3D - Designer | Out-of-bounds Write (CWE-787)
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2025-21138 - Substance3D - Designer | Out-of-bounds Write (CWE-787)
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2025-21139 - Substance3D - Designer | Heap-based Buffer Overflow (CWE-122)
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2025-21137 - Substance3D - Designer | Heap-based Buffer Overflow (CWE-122)
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
4.3
CVE-2024-55945 - Cross-Site Request Forgery in DB Check Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstreaβ¦
3.1
CVE-2024-55891 - Information Disclosure via Exception Handling/Logger in TYPO3
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the probβ¦
7.8
CVE-2025-21135 - Animate | Integer Underflow (Wrap or Wraparound) (CWE-191)
Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.5
CVE-2024-48858 - Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.