December closed out 2025 with solid releases and active community work. From security updates and tooling progress to conference highlights and…

It has been discovered that the extension "Single Sign-on with SAML" (md_saml) bundles a vulnerable version of “onelogin/php-saml“ which is…

It has been discovered that the extension "Modules" (modules) is susceptible to Broken Authentication.

It has been discovered that the extension "Forms Export" (frp_form_answers) bundles a vulnerable version of "phpoffice/phpspreadsheet", which is…

It has been discovered that the extension "Base Excel" (base_excel) bundles a vulnerable version of “phpoffice/phpspreadsheet“ which is susceptible to…

It has been discovered that the extension "Form to Database" (form_to_database) is susceptible to Cross-Site Scripting.

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

It has been discovered that TYPO3 CMS is susceptible to broken access control.

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

It has been discovered that TYPO3 CMS is susceptible to insufficient entropy.

It has been discovered that TYPO3 CMS is susceptible to denial of service.

It has been discovered that TYPO3 CMS is susceptible to open redirect.

It has been discovered that the extension "TYPO3 Backup Plus" (ns_backup) is susceptible to Command Injection.

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.

It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference.

It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure…

It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site…

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.

The versions 13.1.1, 12.4.15 and 11.5.37 of the TYPO3 Enterprise Content Management System have just been released.

It has been discovered that TYPO3 CMS is susceptible to denial of service.

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

It has been discovered that TYPO3 CMS is vulnerable to HTML injection.

The TYPO3 Association has officially launched the third community budget process of 2024.

The choice of an enterprise CMS should not be taken lightly. This guide should support your business in choosing the right enterprise CMS.

Young developers Lisa-Maria Schedlberger & Julia Gruber share their first-hand experience of fun-in-the-sun at TYPO3 Surfcamp.

Register now for T3CON24 and the TYPO3 Awards. Experience three days of innovative talks, networking, and celebrate the community's best at the TYPO3…

Significant progress for TYPO3: Rector rules, image rendering, simplified translation handling, and ACL improvements.