Product
umbraco forms
8 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-24687
CVE-2025-68924
CVE-2025-47280
CVE-2025-23041
CVE-2024-35239
CVE-2021-33224
CVE-2021-37334
CVE-2020-7685
>= 16.0.0 and < 16.4.1
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated bac
<= 8.13.16
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data sour
>= 7.0.0 and < 13.4.2
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior t
< 8.13.15
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long a
< 8.13.13
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit F
all versions
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.co
>= 4.0.0 and < 4.4.9
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code
all versions
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload