DoS (Denial of Service) in Bitbucket Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1 and 10.0.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...

DNN: Same HostGUID For All New Installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

CVE-2026-40321

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVE-2026-40305

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

CVE-2026-40321 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVE-2026-40321 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVE-2026-40306 DNN has same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

CVE-2026-40306 DNN has same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

CVE-2026-20203 Improper Access Control in Data Model Acceleration in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...

Generation of Predictable Numbers or Identifiers

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the form of generation of identical HostGUID values during installation. An...

Cross-site Request Forgery (CSRF)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the AddFriend functionality. An attacker can send a request that forces another user to accept...

Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (GHSA-fpj4-9qhx-5m6m)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (CVE-2026-40305)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVE-2026-28070

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

EUVD-2026-13051

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

EUVD-2026-13049

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28070

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28073 WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28073 WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...