Umbraco.Cms
NuGet
9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting Umbraco.Cms
- CVE-2024-10761 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 10.8.8 | 2024-11-04
vulnerable: 10.8.7
A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation …
- CVE-2024-43377 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 14.1.2 | 2024-08-20
vulnerable: 14.0.0, 14.1.0, 14.1.0-rc, 14.1.0-rc2, 14.1.1
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
- CVE-2024-48927 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 13.5.2 | 2024-10-22
vulnerable: 13.0.0 ... 13.5.1 (22 versions)
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution f…
- CVE-2025-24011 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 14.3.2 | 2025-01-21
vulnerable: 14.0.0 ... 14.3.1 (13 versions)
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of…
- CVE-2025-32017 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 14.3.4 | 2025-04-08
vulnerable: 14.0.0 ... 14.3.3 (20 versions)
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API requests that exploit a path traversal vulnerability to upload files into an incorrect location.…
- CVE-2025-46736 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 13.8.1 | 2025-05-06
vulnerable: 11.0.0 ... 13.8.0-rc (85 versions)
Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patc…
- CVE-2025-48953 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 15.4.2 | 2025-06-03
vulnerable: 14.0.0 ... 15.4.1 (39 versions)
Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere to the configured allowable file extensions via a manipulated A…
- CVE-2025-49147 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 10.8.11 | 2025-06-24
vulnerable: 10.0.0 ... 10.8.9 (37 versions)
Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information …
- CVE-2025-66625 | MEDIUM | CVSS 4.9 | EG 4.9 | ✓ Fixed in 13.12.1 | 2025-12-09
vulnerable: 10.0.0 ... 13.9.3 (138 versions)
Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to tempor…