17 matches found
EUVD-2025-10381
Malicious code in bioql PyPI...
EUVD-2025-10548
Malicious code in bioql PyPI...
DNN < 9.13.8 DotNetNuke.Core Server-Side Request Forgery (CVE-2025-32372)
According to its self-reported version, the instance of DNN (formerly DotNetNuke) running on the remote web server is prior to 9.13.8. It is, therefore, affected by a server-side request forgery vulnerability: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the...
CVE-2025-32374
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...
CVE-2025-32372
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...
CVE-2025-32373
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8...
Authorization Bypass Through User-Controlled Key
Overview: DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key that allows an attacker to enumerate sensitive files by manipulating request...
CVE-2025-32373 DNN allows a registered user to enumerate and access files they should not have access to
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8...
CVE-2025-32373
CVE-2025-32373 affects DNN (DotNetNuke) in the Microsoft ecosystem. In limited configurations, registered users may craft a request to enumerate or access portal files they should not have access to. The issue is fixed in version 9.13.8. Remediation: upgrade to 9.13.8 or newer to resolve the vuln...
CVE-2025-32372
CVE-2025-32372: DNN (DotNetNuke) exposes a bypass of CVE-2017-0929 enabling unauthenticated, semi‑blind SSRF via arbitrary GET requests to internal or external URLs. Public sources reference this as a server-side request forgery affecting DNN, with a fixed revision in 9.13.8; Nessus/NVD entries ...
Server-side Request Forgery (SSRF)
Overview: DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via GET requests. An attacker can execute arbitrary requests and retrieve partial responses from...
PT-2025-15704
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 9.13.8. Description: A bypass has been identified for a previously known vulnerability, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal o...
PT-2025-15705 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 9.13.8. Description: The issue affects DNN, an open-source web content management platform in the Microsoft ecosystem. In certain configurations, registered users may be able to craft a request to...
Guessable CAPTCHA
Overview: DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Guessable CAPTCHA due to the algorithmic preference for low complexity images in CaptchaControl.cs. An attacker can bypass captch...
CVE-2025-32036
CVE-2025-32036 affects DNN (DotNetNuke) where the captcha generation algorithm has low complexity, enabling OCR-based bypass of CAPTCHA. Multiple connected sources (PT-Security and Red Hat advisories) confirm the issue and identify the fixed version as 9.13.8, with prior versions vulnerable. Prac...
CVE-2025-32036 DNN allows the possibility of bypassing Captcha
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send...