19 matches found
CVE-2026-31834
Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...
CVE-2026-31834 Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks
Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...
EUVD-2025-204737
Umbraco CMS has an arbitrary file upload vulnerability...
PT-2025-52674
Name of the Vulnerable Software and Affected Versions: Umbraco CMS version 16.3.3. Description: An arbitrary file upload issue exists in Umbraco CMS version 16.3.3. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file. The supplier disputes responsibility, stati...
EUVD-2024-3159
Malicious code in bioql PyPI...
EUVD-2024-3039
Malicious code in bioql PyPI...
EUVD-2024-2935
Malicious code in bioql PyPI...
EUVD-2023-3134
Malicious code in bioql PyPI...
Umbraco CMS Security Vulnerability
Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS versions prior to 4.7.1, stemming from path traversal in the codeEditorSave.asmx endpoint, which could lead to remote code execution...
CVE-2024-48927
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...
CVE-2025-46736
CVE-2025-46736 affects the Umbraco CMS (a .NET-based open source content management system). The issue allows user enumeration by analyzing the timing of post-login API responses, enabling an attacker to determine if an account exists. Affected versions are prior to 10.8.10 and 13.8.1. The vulner...
CVE-2025-27602
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folde...
CVE-2025-27602 Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folde...
CVE-2024-48926
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server...
Umbraco CMS Authorization Issue Vulnerability
Umbraco CMS is a content management system from Umbraco, Denmark. An authorization issue vulnerability exists in Umbraco CMS that stems from a server session not being fully terminated during an explicit logout...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure due to improper configuration of the SMTP settings combined with enabled password reset functionality. An attacker can enumerate user accounts by observing the behavior of the password reset feature. Remediation...
Umbraco Security Vulnerability
Umbraco is an open source Content Management System (CMS) written in C# by the Danish company Umbraco. A security vulnerability exists in Umbraco CMS version 7.12.4, which originates from a vulnerability that allows an authenticated administrator to execute remote code via msxsl:script in...
Umbraco-RCE
Umbraco RCE exploit / PoC Umbraco CMS 7.12.4 - Authenticat...