It has been discovered that improper error handling could lead to cache flooding in TYPO3 Core and that the prepared statement database API potentially allows SQL Injections.

More... (http://news.typo3.org/news/article/multiple-security-issues-found-in-typo3-core-5/)