Vulnerabilidades en umbraco
49 resultadosCVE-2012-10054CRITICALUmbraco CMS < 4.7.1 codeEditorSave.asmx RCEEPSS 2.6%CVE-2025-24011MEDIUMUmbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response CodesEPSS 1.5%CVE-2022-22690HIGHUmbraco Remote ApplicationURL OverwriteEPSS 1.1%CVE-2022-22691MEDIUMUmbraco Password Reset URL PoisonEPSS 1.0%CVE-2025-68924HIGHIn Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remEPSS 0.7%CVE-2023-32312LOWClient secret not mandatory in UmbracoIdentityExtensionsEPSS 0.6%CVE-2023-49089HIGHUmbraco CMS possible path traversal when creating packages from backofficeEPSS 0.6%CVE-2023-37267HIGHUmbraco allows possible Admin-level access to backoffice without Auth under rare conditionsEPSS 0.6%CVE-2024-10761MEDIUMUmbraco CMS Dashboard frame cross site scriptingEPSS 0.6%CVE-2025-32017HIGHUmbraco has a Management API Vulnerability to Path Traversal With Authenticated UsersEPSS 0.5%CVE-2023-49278MEDIUMUmbraco CMS brute force exploit can be used to collect valid usernamesEPSS 0.5%CVE-2023-49274LOWUmbraco CMS SMTP misconfiguration exposes potential registered user emailEPSS 0.5%CVE-2024-28868LOWUmbraco possible user enumeration vulnerabilityEPSS 0.5%CVE-2024-29035MEDIUMUmbraco's Blind SSRF Leads to Port Scan by using WebhooksEPSS 0.4%CVE-2024-48927MEDIUMPotential Code Execution Risk When Viewing SVG Files in Full Screen in BackofficeEPSS 0.4%CVE-2023-48313MEDIUMUmbraco contains a DOM-XSSEPSS 0.4%CVE-2026-24687MEDIUMUmbraco.Forms has path traversal and file enumeration vulnerability in Linux/MacEPSS 0.4%CVE-2023-38694LOWUmbraco CMS vulnerable to possible injection of HTML in an unintended formEPSS 0.4%CVE-2023-48227MEDIUMUmbraco CMS Backoffice User can bypass "Publish" restrictionEPSS 0.4%CVE-2024-32872MEDIUMUmbraco Workflow's Backoffice users can execute arbitrary SQLEPSS 0.4%