Lucene search
K

6 matches found

Snyk
Snyk
added 2026/03/11 12:37 a.m.8 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to insufficient authorization enforcement when modifying user group memberships. An attacker can gain higher-level privileges by assigning highly privileged roles without proper validation of their own...

8.6CVSS5.8AI score0.00257EPSS
Exploits0References2
Veracode
Veracode
added 2026/02/21 5:2 a.m.7 views

Path Traversal

Umbraco Forms is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths, where an authenticated backoffice-user can enumerate and traverse paths/files on the system's filesystem and read their contents, particularly on Mac/Linux Umbraco installations using...

6.5CVSS5.3AI score0.0042EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.9 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6.5CVSS5.9AI score0.0042EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/29 8:51 p.m.16 views

Directory Traversal

Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...

6.5CVSS6.3AI score0.0042EPSS
Exploits0References2
OSV
OSV
added 2026/01/29 7:57 p.m.5 views

CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6CVSS5.8AI score0.0042EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 7:57 p.m.19 views

CVE-2026-24687

Umbraco.Forms (forms component for Umbraco CMS) is affected on Mac/Linux installations using Forms. The vulnerability allows an authenticated backoffice user to enumerate and traverse filesystem paths via the fileName parameter of the export endpoint (/umbraco/forms/api/v1/export), enabling read ...

6.5CVSS5.9AI score0.0042EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder