NuGet / Umbraco.Cms

Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

Modified: 6/10/2026

Umbraco Makes User Enumeration Feasible Based on Timing of Login Response

Modified: 5/6/2025

Umbraco CMS has an arbitrary file upload vulnerability

Modified: 2/3/2026

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

Modified: 10/22/2024

XSS/HTML Injection Vulnerability in Umbraco Preview Badge

Modified: 2/19/2025

Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Modified: 3/13/2026

Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads

Modified: 6/5/2025

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Modified: 12/9/2025

Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes

Modified: 4/17/2025

Umbraco CMS Improper Access Control vulnerability

Modified: 9/17/2024

Umbraco CMS disclosure of configured password requirements

Modified: 6/28/2025

Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users

Modified: 4/9/2025

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Modified: 3/13/2026

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Modified: 6/10/2026

Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Modified: 3/13/2026