Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to insufficient authorization enforcement when modifying user group memberships. An attacker can gain higher-level privileges by assigning highly privileged roles without proper validation of their own...

CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...

PT-2026-24487

Name of the Vulnerable Software and Affected Versions Umbraco versions 15.3.1 through 16.5.0 Umbraco version 17.2.2 Description Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...

CVE-2023-32264

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer...

CVE-2023-32264

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer...

PT-2024-12309 · Opentext · Opentext Documentum D2

Name of the Vulnerable Software and Affected Versions: OpenText Documentum D2 versions 16.5.1 through CE 23.2 Description: The issue allows the upload of arbitrary code, which can then be executed on the client's computer. This could potentially lead to malicious activities. Recommendations: For...