Lucene search
K

343 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.5 views

CVE-2023-49089

Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0...

7.7CVSS6.8AI score0.00624EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 8:19 p.m.6 views

CVE-2025-66625

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS6.9AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 6:20 p.m.4 views

GHSA-X93P-W2CH-FG67 Ibexa User Bundle is missing password change validation

Impact The vulnerability is in the password change dialog in the back office. During the transition from v4 to v5 a mistake was made in the validation code which caused the validation of the previous password to not run as expected. This made it possible for a logged in user to change password in...

9.3CVSS6.9AI score0.00123EPSS
Exploits0References5
Veracode
Veracode
added 2025/12/10 6:42 a.m.7 views

Account Hijacking

prestashop/pscheckout is vulnerable to Account hijacking. The vulnerability is due to the incorrect use of arraysearch in the backoffice logic, which allows an attacker to hijack the targeted PayPal merchant account...

3.8CVSS5.5AI score0.00246EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/12/09 8:15 p.m.11 views

CVE-2025-66625

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS0.00313EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 8:9 p.m.18 views

CVE-2025-66625

CVE-2025-66625 affects Umbraco CMS (ASP.NET) versions 10.0.0–13.12.0. During the dictionary upload process, unsafe handling/deletion of temporary files enables a backoffice attacker to trigger predictable requests to temporary file paths, causing error responses (HTTP 500 if a file exists, 404 if...

4.9CVSS6.5AI score0.00313EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/09 8:9 p.m.26 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS0.00313EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 8:9 p.m.3 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS6.5AI score0.00313EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 8:9 p.m.5 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

4.9CVSS6.7AI score0.00313EPSS
Exploits0References4
OSV
OSV
added 2025/12/09 5:12 p.m.5 views

GHSA-HFV2-PF68-M33X Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500 when a file exists, 404 when it does not allow the...

4.9CVSS6.7AI score0.00313EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/09 5:12 p.m.3 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the dictionary import process. An attacker can enumerate the existence of arbitrary files on the server's filesystem and, in certain configurations, may expose the NTLM hash of the...

6.9CVSS6.9AI score0.00313EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/09 5:12 p.m.7 views

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500 when a file exists, 404 when it does not allow the...

4.9CVSS6.8AI score0.00313EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50229

Name of the Vulnerable Software and Affected Versions Umbraco versions 10.0.0 through 13.12.0 Description Umbraco, an ASP.NET CMS, experiences an issue related to the unsafe handling and deletion of temporary files during the dictionary upload process. An attacker with backoffice access can...

4.9CVSS6.8AI score0.00313EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/10 4:31 p.m.2 views

Malicious code in mpesa-backoffice-ekyc-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55257288d3f483f60af585ba393105e594b34c61b2f676965ddb462c5a2ab4e6 The package mpesa-backoffice-ekyc-backend was found to contain malicious code...

7AI score
Exploits0
EUVD
EUVD
added 2025/11/10 4:31 p.m.1 views

EUVD-2025-44065

Malicious code in mpesa-backoffice-ekyc-backend npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/10 4:31 p.m.1 views

MAL-2025-55034 Malicious code in mpesa-backoffice-ekyc-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55257288d3f483f60af585ba393105e594b34c61b2f676965ddb462c5a2ab4e6 The package mpesa-backoffice-ekyc-backend was found to contain malicious code...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/17 5:39 p.m.6 views

CVE-2025-61924

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP arraysearch. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...

3.8CVSS6.8AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 5:39 p.m.9 views

CVE-2025-61923

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...

4.1CVSS6.8AI score0.00839EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 8:0 p.m.5 views

EUVD-2025-34788

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice...

3.8CVSS6.4AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2025/10/16 7:59 p.m.5 views

GHSA-FPXP-PFQM-X54W PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

Impact Missing validation on input vulnerable to directory traversal. Patches The problem has been patched in versions: v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 v4.4.1 for PrestaShop 8 build number: 8.4.4.1 v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 v5.0.5 for PrestaShop 8 build numbe...

4.1CVSS6.9AI score0.00839EPSS
Exploits0References3
Rows per page
Query Builder