| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31834 | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks | umbraco | Umbraco-CMS | High | 7.2 | 2026-03-10 21:53:49 | Deep Dive |
| CVE-2026-31833 | Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering | umbraco | Umbraco-CMS | Medium | 6.7 | 2026-03-10 21:51:51 | Deep Dive |
| CVE-2026-31832 | Umbraco Backoffice API Allows Unauthorized Modification of Domain Data | umbraco | Umbraco-CMS | Medium | 5.4 | 2026-03-10 21:49:55 | Deep Dive |
| CVE-2026-27449 | Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints | umbraco | Umbraco.Engage.Forms | High | 7.5 | 2026-02-26 21:51:15 | Deep Dive |
| CVE-2026-24687 | Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac | umbraco | Umbraco.Forms.Issues | - | - | 2026-01-29 19:57:24 | Deep Dive |
| CVE-2025-68924 | Umbraco Forms Security Vulnerability | Umbraco | Forms | High | 7.5 | 2026-01-16 00:00:00 | Deep Dive |
| CVE-2021-47776 | Umbraco v8.14.1 - 'baseUrl' SSRF | umbraco | Umbraco | Medium | 5.3 | 2026-01-15 15:52:14 | Deep Dive |
| CVE-2025-66625 | Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality | umbraco | Umbraco-CMS | Medium | 4.9 | 2025-12-09 20:09:27 | Deep Dive |
| CVE-2012-10054 | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE | Umbraco | CMS | - | - | 2025-08-13 20:54:39 | Deep Dive |
| CVE-2025-54425 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-07-30 13:41:08 | Deep Dive |
| CVE-2025-49147 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-06-24 17:37:08 | Deep Dive |
| CVE-2025-48953 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads | umbraco | Umbraco-CMS | Medium | 5.5 | 2025-06-03 18:19:29 | Deep Dive |
| CVE-2025-47280 | Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow | umbraco | Umbraco.Forms.Issues | - | - | 2025-05-13 17:06:57 | Deep Dive |
| CVE-2025-46736 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-05-06 17:08:24 | Deep Dive |
| CVE-2025-32017 | Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users | umbraco | Umbraco-CMS | High | 8.8 | 2025-04-08 15:37:24 | Deep Dive |
| CVE-2025-27602 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content | umbraco | Umbraco-CMS | Medium | 4.9 | 2025-03-11 15:32:11 | Deep Dive |
| CVE-2025-27601 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality | umbraco | Umbraco-CMS | Medium | 4.3 | 2025-03-11 15:30:10 | Deep Dive |
| CVE-2025-24012 | Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability | umbraco | Umbraco-CMS | Medium | 4.6 | 2025-01-21 15:32:44 | Deep Dive |
| CVE-2025-24011 | Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-01-21 15:27:30 | Deep Dive |
| CVE-2025-23041 | Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms | umbraco | Umbraco.Forms.Issues | Medium | 5.8 | 2025-01-14 18:54:45 | Deep Dive |