CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

Veracode•added 2026/01/19 9:35 a.m.•4 views

Remote Code Execution (RCE)

UmbracoForms is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied WSDL URLs used as data sources, which allows an authenticated attacker to supply a malicious web service definition and execute arbitrary code on the server...

7.5CVSS6.3AI score0.00681EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2026/01/17 12:23 a.m.•7 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

7.5CVSS7.5AI score0.00681EPSS

Exploits0References1

ATTACKERKB•added 2026/01/16 12:0 a.m.•4 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

7.5CVSS5.9AI score0.00681EPSS

Exploits0References4

EUVD•added 2026/01/16 12:0 a.m.•3 views

EUVD-2026-2099

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

7.5CVSS7.4AI score0.00681EPSS

Exploits0References7

Cvelist•added 2026/01/16 12:0 a.m.•18 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

7.5CVSS0.00681EPSS

Exploits0References3

Snyk•added 2026/01/13 7:54 p.m.•4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...

9.9CVSS7.6AI score0.00681EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-0545

Malware in sbrugna...

7.5CVSS7.5AI score0.00902EPSS

Exploits0References3

Snyk•added 2025/01/14 7:41 p.m.•1 views

Improper Input Validation

Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improper Input Validation due to the lack of server-side validation for character limits in short and long answer field...

6.9CVSS6.9AI score0.00363EPSS

Exploits0References2

Github Security Blog•added 2020/07/29 5:29 p.m.•59 views

Insecure defaults in UmbracoForms

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...

7.5CVSS3.6AI score0.00902EPSS

Exploits0References3Affected Software1

OSV•added 2020/07/29 5:29 p.m.•18 views

GHSA-8M73-W2R2-6XXJ Insecure defaults in UmbracoForms

7.5CVSS7.6AI score0.00902EPSS

Exploits0References2

Veracode•added 2020/07/29 5:36 a.m.•17 views

Insecure Defaults

umbracoforms uses insecure defaults. The vulnerability exists as the default configuration for upload forms does not restrict file types in uploads...

7.5CVSS2.5AI score0.00902EPSS

Exploits0References2Affected Software1

NVD•added 2020/07/28 5:15 p.m.•29 views

CVE-2020-7685

7.5CVSS6.2AI score0.00902EPSS

Exploits0References1

Prion•added 2020/07/28 5:15 p.m.•16 views

Default configuration

5CVSS7.6AI score0.00902EPSS

Exploits0References1

CVE•added 2020/07/28 4:25 p.m.•87 views

CVE-2020-7685

CVE-2020-7685 affects UmbracoForms (all versions). The issue arises when using the default configuration for file uploads, which permits uploading arbitrary file types. A mitigation path is described: implement a custom workflow and frontend validation to block disallowed file types according to ...

7.5CVSS6.5AI score0.00902EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/07/28 4:25 p.m.•32 views

CVE-2020-7685 Insecure Defaults

5.4CVSS7.6AI score0.00902EPSS

Exploits0References1

Positive Technologies•added 2020/07/28 12:0 a.m.•3 views

PT-2020-19708 · Umbraco · Umbraco Forms

Name of the Vulnerable Software and Affected Versions: UmbracoForms versions all versions Description: The issue allows uploading arbitrary file types when using the default configuration for upload forms. Users can mitigate this by creating a custom workflow and frontend validation to block...

7.5CVSS7.5AI score0.00902EPSS

Exploits0References3

Snyk•added 2020/07/24 2:46 p.m.•3 views

Insecure Defaults

Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Insecure Defaults. When using the default configuration for upload forms, it is possible to upload arbitrary file types...

7.5CVSS6.8AI score0.00902EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by