Researchers found a vulnerability in the .NET Framework, dubbed SOAPwn, that allows attackers to exploit SOAP messages to execute arbitrary code in various applications, including Barracuda and Ivanti. Microsoft has chosen not to fix it, citing that it stems from application design flaws. Some affected software has released patches, but Umbraco 8 remains vulnerable since it reached end-of-life.