Every CVE whose affected-product data names Umbraco Umbraco Forms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-33224 — CVSS 9.8 (critical): File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and…
CVE-2025-68924 — CVSS 7.5 (high): In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for…
CVE-2026-24687 — CVSS 6.5 (medium): Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated…
CVE-2025-47280 — CVSS 6.1 (medium): Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to…
CVE-2025-23041 — CVSS 5.8 (medium): Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer…
CVE-2020-7685 — CVSS 5.4 (medium): This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload…
CVE-2024-35239 — CVSS 2.7 (low): Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may…