Via manipulation of backoffice API URLs it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to.
Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed.
Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical.
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.