Lucene search

8 matches found

CVE
added 2025/03/11 4:15 p.m. | 94 views

CVE-2025-27602

Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders...

CVSS 4.9 | AI score 5 | EPSS 0.00049

CVE
added 2025/01/21 4:15 p.m. | 86 views

CVE-2025-24011

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1....

CVSS 5.3 | AI score 5.3 | EPSS 0.12618

CVE
added 2025/06/03 7:15 p.m. | 84 views

CVE-2025-48953

Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere to the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0...

CVSS 5.5 | AI score 5.4 | EPSS 0.00037

CVE
added 2025/03/11 4:15 p.m. | 74 views

CVE-2025-27601

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be rest...

CVSS 4.3 | AI score 4.4 | EPSS 0.00049

CVE
added 2025/04/08 4:15 p.m. | 69 views

CVE-2025-32017

Umbraco is a free and open source .NET content management system. Authenticated users of the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and ...

CVSS 8.8 | AI score 7.1 | EPSS 0.00083

CVE
added 2025/05/06 5:16 p.m. | 53 views

CVE-2025-46736

Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds are...

CVSS 5.3 | AI score 5.2 | EPSS 0.00041

CVE
added 2025/01/21 4:15 p.m. | 52 views

CVE-2025-24012

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain...

CVSS 5.4 | AI score 4.5 | EPSS 0.00038

CVE
added 2025/06/24 6:15 p.m. | 9 views

CVE-2025-49147

Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information ...

CVSS 5.3 | AI score 6.9 | EPSS 0.00039