umbraco

Top products

The 15 most recently published vulnerabilities affecting umbraco.

• CVE-2026-46609Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog4.6Jun 10, 2026
• CVE-2026-46616Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers5.4Jun 10, 2026
• CVE-2026-31834Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks7.2Mar 10, 2026
• CVE-2026-31833Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering6.7Mar 10, 2026
• CVE-2026-31832Umbraco Backoffice API Allows Unauthorized Modification of Domain Data5.4Mar 10, 2026
• CVE-2026-27449Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints7.5Feb 26, 2026
• CVE-2026-24687Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac6.5Jan 29, 2026
• CVE-2025-68924In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.7.5Jan 16, 2026
• CVE-2021-47776Umbraco v8.14.1 - 'baseUrl' SSRF5.3Jan 15, 2026
• CVE-2025-67288An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsi...10.0Dec 22, 2025
• CVE-2025-66625Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality4.9Dec 9, 2025
• CVE-2012-10054Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE9.8Aug 13, 2025
• CVE-2025-54425Umbraco's Delivery API allows for cached requests to be returned with an invalid API key5.3Jul 30, 2025
• CVE-2025-49147Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements5.3Jun 24, 2025
• CVE-2025-48953Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads5.5Jun 3, 2025