Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 15 Jun 2026 17:17:20 +0000 6fab61cc-0d24-4f13-9358-e64b099a2587 https://vulnerability.circl.lu/sighting/6fab61cc-0d24-4f13-9358-e64b099a2587/export {"uuid": "6fab61cc-0d24-4f13-9358-e64b099a2587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms", "content": "", "creation_timestamp": "2026-06-10T03:07:26.000000Z"} {"uuid": "6fab61cc-0d24-4f13-9358-e64b099a2587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms", "content": "", "creation_timestamp": "2026-06-10T03:07:26.000000Z"} https://vulnerability.circl.lu/sighting/6fab61cc-0d24-4f13-9358-e64b099a2587/export Wed, 10 Jun 2026 03:07:26 +0000 6964b2ec-cd06-4303-b4a9-fde09e3da0ac https://vulnerability.circl.lu/sighting/6964b2ec-cd06-4303-b4a9-fde09e3da0ac/export {"uuid": "6964b2ec-cd06-4303-b4a9-fde09e3da0ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n", "content": "\ud83d\udd17 CVE : CVE-2026-11607, CVE-2026-47348, CVE-2026-47349, CVE-2026-47350, CVE-2026-47351, CVE-2026-47352, CVE-2026-49738, CVE-2026-49740, CVE-2026-49741, CVE-2026-49742", "creation_timestamp": "2026-06-10T13:15:34.246018Z"} {"uuid": "6964b2ec-cd06-4303-b4a9-fde09e3da0ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n", "content": "\ud83d\udd17 CVE : CVE-2026-11607, CVE-2026-47348, CVE-2026-47349, CVE-2026-47350, CVE-2026-47351, CVE-2026-47352, CVE-2026-49738, CVE-2026-49740, CVE-2026-49741, CVE-2026-49742", "creation_timestamp": "2026-06-10T13:15:34.246018Z"} https://vulnerability.circl.lu/sighting/6964b2ec-cd06-4303-b4a9-fde09e3da0ac/export Wed, 10 Jun 2026 13:15:34 +0000 d8ae139d-5d6d-4622-8ff0-0308b52fc539 https://vulnerability.circl.lu/sighting/d8ae139d-5d6d-4622-8ff0-0308b52fc539/export {"uuid": "d8ae139d-5d6d-4622-8ff0-0308b52fc539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://gist.github.com/alon710/c8f91d1124f67f3a6eb4c0158e814d5f", "content": "# CVE-2026-11607: CVE-2026-11607: Broken Access Control in TYPO3 CMS Form Framework\n\n> **CVSS Score:** 7.6\n> **Published:** 2026-06-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-11607\n\n## Summary\nCVE-2026-11607 is a critical broken access control vulnerability in TYPO3 CMS's Form Framework (ext:form). Authenticated backend users with access to the Form Framework can load unauthorized YAML configurations, bypassing file extension restrictions. This allows the execution of arbitrary SQL commands via the SaveToDatabase finisher, leading to privilege escalation to administrator level.\n\n## TL;DR\nAuthenticated backend users can bypass file extension restrictions to load malicious YAML configurations, executing arbitrary database commands and gaining full administrator privileges.\n\n## Technical Details\n\n- **CWE ID**: CWE-862\n- **Attack Vector**: Network\n- **CVSS v4.0**: 7.6\n- **EPSS Score**: 0.00414 (0.41%)\n- **Impact**: Privilege Escalation / Database Compromise\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS\n\n## Mitigation\n\n- Restrict access to the Form Framework backend module\n- Audit the fileadmin storage for unauthorized YAML files containing database finishers\n- Upgrade TYPO3 CMS to patched versions\n\n**Remediation Steps:**\n1. Verify existing user privileges and restrict form creation rights\n2. Scan files for 'SaveToDatabase' or 'DatabaseWriteFinisher' elements in unexpected file paths\n3. Apply TYPO3 core updates immediately according to the advisory release guidelines\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-019](https://typo3.org/security/advisory/typo3-core-sa-2026-019)\n- [TYPO3 Git Commit 040d50](https://github.com/TYPO3/typo3/commit/040d50d082a01f9e8bd113effd91290a9bb3b69e)\n- [TYPO3 Git Commit 50974c](https://github.com/TYPO3/typo3/commit/50974c658f647f1aece347b5d6d5acc3c87f2dca)\n- [CVE Record CVE-2026-11607](https://www.cve.org/CVERecord?id=CVE-2026-11607)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-11607) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T14:11:12.000000Z"} {"uuid": "d8ae139d-5d6d-4622-8ff0-0308b52fc539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://gist.github.com/alon710/c8f91d1124f67f3a6eb4c0158e814d5f", "content": "# CVE-2026-11607: CVE-2026-11607: Broken Access Control in TYPO3 CMS Form Framework\n\n> **CVSS Score:** 7.6\n> **Published:** 2026-06-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-11607\n\n## Summary\nCVE-2026-11607 is a critical broken access control vulnerability in TYPO3 CMS's Form Framework (ext:form). Authenticated backend users with access to the Form Framework can load unauthorized YAML configurations, bypassing file extension restrictions. This allows the execution of arbitrary SQL commands via the SaveToDatabase finisher, leading to privilege escalation to administrator level.\n\n## TL;DR\nAuthenticated backend users can bypass file extension restrictions to load malicious YAML configurations, executing arbitrary database commands and gaining full administrator privileges.\n\n## Technical Details\n\n- **CWE ID**: CWE-862\n- **Attack Vector**: Network\n- **CVSS v4.0**: 7.6\n- **EPSS Score**: 0.00414 (0.41%)\n- **Impact**: Privilege Escalation / Database Compromise\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS\n\n## Mitigation\n\n- Restrict access to the Form Framework backend module\n- Audit the fileadmin storage for unauthorized YAML files containing database finishers\n- Upgrade TYPO3 CMS to patched versions\n\n**Remediation Steps:**\n1. Verify existing user privileges and restrict form creation rights\n2. Scan files for 'SaveToDatabase' or 'DatabaseWriteFinisher' elements in unexpected file paths\n3. Apply TYPO3 core updates immediately according to the advisory release guidelines\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-019](https://typo3.org/security/advisory/typo3-core-sa-2026-019)\n- [TYPO3 Git Commit 040d50](https://github.com/TYPO3/typo3/commit/040d50d082a01f9e8bd113effd91290a9bb3b69e)\n- [TYPO3 Git Commit 50974c](https://github.com/TYPO3/typo3/commit/50974c658f647f1aece347b5d6d5acc3c87f2dca)\n- [CVE Record CVE-2026-11607](https://www.cve.org/CVERecord?id=CVE-2026-11607)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-11607) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T14:11:12.000000Z"} https://vulnerability.circl.lu/sighting/d8ae139d-5d6d-4622-8ff0-0308b52fc539/export Mon, 15 Jun 2026 14:11:12 +0000 07e6eb34-b1b0-47a4-9ce1-b71e2062f213 https://vulnerability.circl.lu/sighting/07e6eb34-b1b0-47a4-9ce1-b71e2062f213/export {"uuid": "07e6eb34-b1b0-47a4-9ce1-b71e2062f213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://gist.github.com/alon710/fdb920b225c78ea2c8dd721ea2a1177a", "content": "# CVE-2026-11607: CVE-2026-11607: Broken Access Control in TYPO3 CMS Form Framework\n\n> **CVSS Score:** 7.6\n> **Published:** 2026-06-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-11607\n\n## Summary\nCVE-2026-11607 is a critical broken access control vulnerability in TYPO3 CMS's Form Framework (ext:form). Authenticated backend users with access to the Form Framework can load unauthorized YAML configurations, bypassing file extension restrictions. This allows the execution of arbitrary SQL commands via the SaveToDatabase finisher, leading to privilege escalation to administrator level.\n\n## TL;DR\nAuthenticated backend users can bypass file extension restrictions to load malicious YAML configurations, executing arbitrary database commands and gaining full administrator privileges.\n\n## Technical Details\n\n- **CWE ID**: CWE-862\n- **Attack Vector**: Network\n- **CVSS v4.0**: 7.6\n- **EPSS Score**: 0.00414 (0.41%)\n- **Impact**: Privilege Escalation / Database Compromise\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS\n\n## Mitigation\n\n- Restrict access to the Form Framework backend module\n- Audit the fileadmin storage for unauthorized YAML files containing database finishers\n- Upgrade TYPO3 CMS to patched versions\n\n**Remediation Steps:**\n1. Verify existing user privileges and restrict form creation rights\n2. Scan files for 'SaveToDatabase' or 'DatabaseWriteFinisher' elements in unexpected file paths\n3. Apply TYPO3 core updates immediately according to the advisory release guidelines\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-019](https://typo3.org/security/advisory/typo3-core-sa-2026-019)\n- [TYPO3 Git Commit 040d50](https://github.com/TYPO3/typo3/commit/040d50d082a01f9e8bd113effd91290a9bb3b69e)\n- [TYPO3 Git Commit 50974c](https://github.com/TYPO3/typo3/commit/50974c658f647f1aece347b5d6d5acc3c87f2dca)\n- [CVE Record CVE-2026-11607](https://www.cve.org/CVERecord?id=CVE-2026-11607)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-11607) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T14:21:33.000000Z"} {"uuid": "07e6eb34-b1b0-47a4-9ce1-b71e2062f213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://gist.github.com/alon710/fdb920b225c78ea2c8dd721ea2a1177a", "content": "# CVE-2026-11607: CVE-2026-11607: Broken Access Control in TYPO3 CMS Form Framework\n\n> **CVSS Score:** 7.6\n> **Published:** 2026-06-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-11607\n\n## Summary\nCVE-2026-11607 is a critical broken access control vulnerability in TYPO3 CMS's Form Framework (ext:form). Authenticated backend users with access to the Form Framework can load unauthorized YAML configurations, bypassing file extension restrictions. This allows the execution of arbitrary SQL commands via the SaveToDatabase finisher, leading to privilege escalation to administrator level.\n\n## TL;DR\nAuthenticated backend users can bypass file extension restrictions to load malicious YAML configurations, executing arbitrary database commands and gaining full administrator privileges.\n\n## Technical Details\n\n- **CWE ID**: CWE-862\n- **Attack Vector**: Network\n- **CVSS v4.0**: 7.6\n- **EPSS Score**: 0.00414 (0.41%)\n- **Impact**: Privilege Escalation / Database Compromise\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS\n\n## Mitigation\n\n- Restrict access to the Form Framework backend module\n- Audit the fileadmin storage for unauthorized YAML files containing database finishers\n- Upgrade TYPO3 CMS to patched versions\n\n**Remediation Steps:**\n1. Verify existing user privileges and restrict form creation rights\n2. Scan files for 'SaveToDatabase' or 'DatabaseWriteFinisher' elements in unexpected file paths\n3. Apply TYPO3 core updates immediately according to the advisory release guidelines\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-019](https://typo3.org/security/advisory/typo3-core-sa-2026-019)\n- [TYPO3 Git Commit 040d50](https://github.com/TYPO3/typo3/commit/040d50d082a01f9e8bd113effd91290a9bb3b69e)\n- [TYPO3 Git Commit 50974c](https://github.com/TYPO3/typo3/commit/50974c658f647f1aece347b5d6d5acc3c87f2dca)\n- [CVE Record CVE-2026-11607](https://www.cve.org/CVERecord?id=CVE-2026-11607)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-11607) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T14:21:33.000000Z"} https://vulnerability.circl.lu/sighting/07e6eb34-b1b0-47a4-9ce1-b71e2062f213/export Mon, 15 Jun 2026 14:21:33 +0000