UmbracoCMS

NuGet2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting UmbracoCMSpage 1 of 1

CVE-2024-28868LOWCVSS 3.7EG 3.7✓ Fixed in 10.8.5
2024-03-20
Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disabl…
CVE-2024-48926MEDIUMCVSS 4.2EG 4.2✓ Fixed in 8.18.15
2024-10-22
vulnerable: 8.0.0 ... 8.9.3 (107 versions)
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout…

Check whether UmbracoCMS is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for UmbracoCMS CVEs against the assets you own.

Start Free Scan →