Lucene search
K

6 matches found

Snyk
Snyk
added 2025/06/03 6:43 p.m.3 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload through a manipulated API request. An attacker can upload unauthorized files by crafting a request that bypasses the configured file extension checks. Remediation Upgrade Umbraco.Cms.Core to version 15.4.2,...

7.1CVSS7.1AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/06 4:38 p.m.1 views

Observable Response Discrepancy

Overview Affected versions of this package are vulnerable to Observable Response Discrepancy due to the timing analysis of post-login API responses. An attacker can determine if a specific user account exists by observing the response times. Remediation Upgrade Umbraco.Cms.Core to version 10.8.10...

6.9CVSS6.8AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/21 9:21 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure which allows an attacker to determine the existence of user accounts by analyzing the response times and codes. Remediation Upgrade Umbraco.Cms.Core to version 14.3.2, 15.1.2 or higher. References - GitHub Commit -...

6.9CVSS6.8AI score0.01451EPSS
Exploits1References2
Snyk
Snyk
added 2024/05/21 1:40 p.m.4 views

URL Redirection to Untrusted Site ('Open Redirect')

Overview Affected versions of this package are vulnerable to URL Redirection to Untrusted Site 'Open Redirect' in the endpoint of the library. An attacker can redirect users to malicious sites by exploiting the open redirect vulnerability. Remediation Upgrade Umbraco.Cms.Core to version 8.18.14,...

6.1CVSS6.8AI score0.00375EPSS
Exploits0References2
Snyk
Snyk
added 2024/04/17 2:41 p.m.3 views

Information Exposure

Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Information Exposure due to the logging of failing webhooks when the solution is not in debug mode. An attacker can obtain critical information that should not be accessible externally by exploiting th...

5.3CVSS6.8AI score0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2023/12/12 8:52 p.m.4 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' due to insufficient validation of user-supplied input in the package creation functionality. An attacker with permission to...

7.7CVSS6.8AI score0.00624EPSS
Exploits0References2
Rows per page
Query Builder