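Browse 40+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.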
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31834 | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks | umbraco | Umbraco-CMS | High | 7.2 | 2026-03-10 21:53:49 | Deep Dive |
| CVE-2026-31833 | Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering | umbraco | Umbraco-CMS | Medium | 6.7 | 2026-03-10 21:51:51 | Deep Dive |
| CVE-2026-31832 | Umbraco Backoffice API Allows Unauthorized Modification of Domain Data | umbraco | Umbraco-CMS | Medium | 5.4 | 2026-03-10 21:49:55 | Deep Dive |
| CVE-2025-66625 | Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality | umbraco | Umbraco-CMS | Medium | 4.9 | 2025-12-09 20:09:27 | Deep Dive |
| CVE-2012-10054 | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE | Umbraco | CMS | - | - | 2025-08-13 20:54:39 | Deep Dive |
| CVE-2025-54425 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-07-30 13:41:08 | Deep Dive |
| CVE-2025-49147 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-06-24 17:37:08 | Deep Dive |
| CVE-2025-48953 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads | umbraco | Umbraco-CMS | Medium | 5.5 | 2025-06-03 18:19:29 | Deep Dive |
| CVE-2025-46736 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-05-06 17:08:24 | Deep Dive |
| CVE-2025-32017 | Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users | umbraco | Umbraco-CMS | High | 8.8 | 2025-04-08 15:37:24 | Deep Dive |
| CVE-2025-27602 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content | umbraco | Umbraco-CMS | Medium | 4.9 | 2025-03-11 15:32:11 | Deep Dive |
| CVE-2025-27601 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality | umbraco | Umbraco-CMS | Medium | 4.3 | 2025-03-11 15:30:10 | Deep Dive |
| CVE-2025-24012 | Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability | umbraco | Umbraco-CMS | Medium | 4.6 | 2025-01-21 15:32:44 | Deep Dive |
| CVE-2025-24011 | Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-01-21 15:27:30 | Deep Dive |
| CVE-2024-10761 | Umbraco CMS Dashboard frame cross site scripting | Umbraco | CMS | Medium | 4.3 | 2024-11-04 05:00:07 | Deep Dive |
| CVE-2024-48929 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out | umbraco | Umbraco-CMS | Medium | 4.2 | 2024-10-22 15:54:24 | Deep Dive |
| CVE-2024-48927 | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice | umbraco | Umbraco-CMS | Medium | 4.6 | 2024-10-22 15:50:47 | Deep Dive |
| CVE-2024-48926 | Umbraco CMS logout page displayed before session expiration | umbraco | Umbraco-CMS | Medium | 4.2 | 2024-10-22 15:47:33 | Deep Dive |
| CVE-2024-48925 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API | umbraco | Umbraco-CMS | None | 0.0 | 2024-10-22 15:27:24 | Deep Dive |
| CVE-2024-47819 | Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section | umbraco | Umbraco-CMS | Medium | 4.2 | 2024-10-22 15:25:04 | Deep Dive |