Lucene search
K

343 matches found

Vulnrichment
Vulnrichment
added 2026/03/10 9:49 p.m.3 views

CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:49 p.m.4 views

CVE-2026-31832

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/10 9:49 p.m.32 views

CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

5.4CVSS0.00179EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 9:49 p.m.4 views

CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24487

Name of the Vulnerable Software and Affected Versions Umbraco versions 15.3.1 through 16.5.0 Umbraco version 17.2.2 Description Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...

7.2CVSS5.7AI score0.00257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.9 views

PT-2026-24486

Name of the Vulnerable Software and Affected Versions Umbraco versions 16.2.0 through 16.5.0 Umbraco version 17.2.2 Description Umbraco is an ASP.NET CMS. An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. The issue stems from an...

6.7CVSS5.8AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24485

Name of the Vulnerable Software and Affected Versions Umbraco versions 14.0.0 through 16.5.0 Umbraco version 17.2.2 Description Umbraco, an ASP.NET CMS, contains a flaw in a backoffice API endpoint related to object-level authorization. Authenticated users can assign domain-related data to conten...

5.4CVSS5.8AI score0.00179EPSS
Exploits0References4
Veracode
Veracode
added 2026/02/21 5:2 a.m.6 views

Path Traversal

Umbraco Forms is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths, where an authenticated backoffice-user can enumerate and traverse paths/files on the system's filesystem and read their contents, particularly on Mac/Linux Umbraco installations using...

6.5CVSS5.3AI score0.0042EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.7 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6.5CVSS5.9AI score0.0042EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/30 2:43 p.m.11 views

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac

Impact It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud runs in a Windows environment, Cloud users aren't affected. Patches This issue affect...

6.5CVSS5.9AI score0.0042EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/30 2:43 p.m.7 views

EUVD-2026-4966

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...

6CVSS5.9AI score0.0042EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/29 8:51 p.m.16 views

Directory Traversal

Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...

6.5CVSS6.3AI score0.0042EPSS
Exploits0References2
NVD
NVD
added 2026/01/29 8:16 p.m.7 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6.5CVSS0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/29 7:57 p.m.24 views

CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6CVSS0.0042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/29 7:57 p.m.6 views

CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6CVSS5.9AI score0.0042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/29 7:57 p.m.5 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6CVSS5.9AI score0.0042EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/29 7:57 p.m.4 views

CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6CVSS5.8AI score0.0042EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 7:57 p.m.18 views

CVE-2026-24687

Umbraco.Forms (forms component for Umbraco CMS) is affected on Mac/Linux installations using Forms. The vulnerability allows an authenticated backoffice user to enumerate and traverse filesystem paths via the fileName parameter of the export endpoint (/umbraco/forms/api/v1/export), enabling read ...

6.5CVSS5.9AI score0.0042EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.11 views

PT-2026-5347

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6CVSS5.9AI score0.0042EPSS
Exploits0References2
Veracode
Veracode
added 2026/01/28 7:34 a.m.5 views

Sensitive Information Disclosure

Umbraco.cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to unsafe handling and cleanup of temporary files during the dictionary upload process, which allows an attacker with backoffice access to infer the existence of arbitrary files on the server and, in some...

4.9CVSS6AI score0.00301EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder