| CVE-2026-46609 |
medium |
— |
5.5 |
|
|
|
8d ago |
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog |
| CVE-2026-46616 |
medium |
— |
5.5 |
|
|
|
8d ago |
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers |
| CVE-2026-31834 |
unknown |
— |
— |
|
|
|
3mo ago |
Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks |
| CVE-2026-31833 |
unknown |
— |
— |
|
|
|
3mo ago |
Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering |
| CVE-2026-31832 |
unknown |
— |
— |
|
|
|
3mo ago |
Umbraco Backoffice API Allows Unauthorized Modification of Domain Data |
| CVE-2025-67288 |
unknown |
— |
— |
|
|
|
5mo ago |
Umbraco CMS has an arbitrary file upload vulnerability |
| CVE-2025-66625 |
unknown |
— |
— |
|
|
|
6mo ago |
Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality |
| CVE-2025-49147 |
unknown |
— |
— |
|
|
|
11mo ago |
Umbraco CMS disclosure of configured password requirements |
| CVE-2025-48953 |
unknown |
— |
— |
|
|
|
1y ago |
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads |
| CVE-2025-46736 |
unknown |
— |
— |
|
|
|
1y ago |
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response |
| CVE-2025-32017 |
unknown |
— |
— |
|
|
|
1y ago |
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users |
| CVE-2024-10761 |
unknown |
— |
— |
|
|
|
1y ago |
XSS/HTML Injection Vulnerability in Umbraco Preview Badge |
| CVE-2025-24011 |
unknown |
— |
— |
|
|
|
1y ago |
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes |
| CVE-2024-48927 |
unknown |
— |
— |
|
|
|
2y ago |
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice |
| CVE-2024-43377 |
unknown |
— |
— |
|
|
|
2y ago |
Umbraco CMS Improper Access Control vulnerability |