Umbraco-CMS — Vulnerabilities & Security Advisories (33)

All 33 CVE vulnerabilities found in Umbraco-CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: umbraco

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31834 | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks | CWE-269 | 7.2 | High | 2026-03-10 |
| CVE-2026-31833 | Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering | CWE-79 | 6.7 | Medium | 2026-03-10 |
| CVE-2026-31832 | Umbraco Backoffice API Allows Unauthorized Modification of Domain Data | CWE-639 | 5.4 | Medium | 2026-03-10 |
| CVE-2025-66625 | Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality | CWE-200 | 4.9 | Medium | 2025-12-09 |
| CVE-2025-54425 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key | CWE-200 | 5.3 | Medium | 2025-07-30 |
| CVE-2025-49147 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements | CWE-497 | 5.3 | Medium | 2025-06-24 |
| CVE-2025-48953 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads | CWE-434 | 5.5 | Medium | 2025-06-03 |
| CVE-2025-46736 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response | CWE-204 | 5.3 | Medium | 2025-05-06 |
| CVE-2025-32017 | Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users | CWE-23 | 8.8 | High | 2025-04-08 |
| CVE-2025-27602 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content | CWE-285 | 4.9 | Medium | 2025-03-11 |
| CVE-2025-27601 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality | CWE-285 | 4.3 | Medium | 2025-03-11 |
| CVE-2025-24012 | Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability | CWE-79 | 4.6 | Medium | 2025-01-21 |
| CVE-2025-24011 | Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes | CWE-200 | 5.3 | Medium | 2025-01-21 |
| CVE-2024-48929 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out | CWE-384 | 4.2 | Medium | 2024-10-22 |
| CVE-2024-48927 | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice | CWE-74 | 4.6 | Medium | 2024-10-22 |
| CVE-2024-48926 | Umbraco CMS logout page displayed before session expiration | CWE-613 | 4.2 | Medium | 2024-10-22 |
| CVE-2024-48925 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API | CWE-284 | - | - | 2024-10-22 |
| CVE-2024-47819 | Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section | CWE-79 | 4.2 | Medium | 2024-10-22 |
| CVE-2024-43377 | Umbraco CMS Improper Access Control vulnerability | CWE-284 | 5.4 | Medium | 2024-08-20 |
| CVE-2024-43376 | Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information | CWE-209 | 4.3 | Medium | 2024-08-20 |
| CVE-2024-35218 | Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane | CWE-79 | 4.2 | Medium | 2024-05-21 |
| CVE-2024-34071 | Open Redirect Bypass Protection | CWE-601 | 6.1 | Medium | 2024-05-21 |
| CVE-2024-29035 | Umbraco's Blind SSRF Leads to Port Scan by using Webhooks | CWE-918 | 4.1 | Medium | 2024-04-17 |
| CVE-2024-28868 | Umbraco possible user enumeration vulnerability | CWE-204 | 3.7 | Low | 2024-03-20 |
| CVE-2023-49279 | Umbraco CMS vulnerable to stored XSS via SVG File Upload | CWE-79 | 3.7 | Low | 2023-12-12 |
| CVE-2023-49278 | Umbraco CMS brute force exploit can be used to collect valid usernames | CWE-200 | 5.3 | Medium | 2023-12-12 |
| CVE-2023-49274 | Umbraco CMS SMTP misconfiguration exposes potential registered user email | CWE-200 | 3.7 | Low | 2023-12-12 |
| CVE-2023-49273 | Umbraco CMS vulnerable to Privilege Escalation using Spoofing | CWE-863 | 5.4 | Medium | 2023-12-12 |
| CVE-2023-49089 | Umbraco CMS possible path traversal when creating packages from backoffice | CWE-22 | 7.7 | High | 2023-12-12 |
| CVE-2023-48313 | Umbraco contains a DOM-XSS | CWE-79 | 4.3 | Medium | 2023-12-12 |

All 33 known CVE vulnerabilities affecting Umbraco-CMS with full Chinese analysis, references, and POCs where available.