Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46609 |
|
Cross-Site Scripting (XSS) in Umbraco.Cms (CVE-2026-46609)
cross-site scripting in Umbraco.Cms (CVE-2026-46609). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.4.0` or later.
|
| CVE-2026-46616 |
|
Open Redirect in Umbraco.Cms (CVE-2026-46616)
vulnerability in Umbraco.Cms (CVE-2026-46616). Risk of unauthorized operations or information disclosure. Exploitable via ``UmbLoginStatusController``. Mitigation: upgrade to `17.4.0` or later.
|
| CVE-2025-67288 |
|
Unrestricted File Upload in umbraco (CVE-2025-67288)
vulnerability in umbraco (CVE-2025-67288). Successful exploitation can lead to full system takeover.
|
| CVE-2024-55488 |
|
Cross-Site Scripting (XSS) in umbraco (CVE-2024-55488)
cross-site scripting in umbraco (CVE-2024-55488). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-33224 |
|
Unrestricted File Upload in umbraco (CVE-2021-33224)
vulnerability in umbraco (CVE-2021-33224). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15279 |
|
Cross-Site Scripting (XSS) in umbraco (CVE-2017-15279)
cross-site scripting in umbraco (CVE-2017-15279). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-15280 |
|
XXE (XML External Entity) in ssrf (CVE-2017-15280)
vulnerability in ssrf (CVE-2017-15280). Confidential information can be exposed externally.
|
| CVE-2012-1301 |
|
Vulnerability in umbraco (CVE-2012-1301)
vulnerability in umbraco (CVE-2012-1301). Successful exploitation can lead to full system takeover.
|
| CVE-2015-8813 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2015-8813)
SSRF in ssrf (CVE-2015-8813). Data can be tampered with by attackers.
|
| CVE-2015-8814 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2015-8814)
vulnerability in csrf (CVE-2015-8814). Successful exploitation can lead to full system takeover.
|
| CVE-2015-8815 |
|
Cross-Site Scripting (XSS) in umbraco (CVE-2015-8815)
cross-site scripting in umbraco (CVE-2015-8815). Risk of unauthorized operations or information disclosure.
|