It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and Remote Command Execution.

More... (http://news.typo3.org/news/article/multiple-security-issues-found-in-typo3-core-1/)