Lucene search
K

754 matches found

Vulnrichment
Vulnrichment
added 2026/04/17 9:9 p.m.4 views

CVE-2026-40306 DNN has same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 9:6 p.m.17 views

CVE-2026-40305

DNN (DotNetNuke) is affected by CVE-2026-40305 in versions 6.0.0 through 10.2.1, where a crafted request in the friends feature could force the acceptance of a friend request on another user. The issue is fixed in version 10.2.2 (patch). Affects DotNetNuke Platform’s friend-acceptance flow and is...

4.3CVSS5.7AI score0.00183EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 9:6 p.m.4 views

CVE-2026-40305 DNN has Force Friend Request Acceptance

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

4.3CVSS5.7AI score0.00183EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:6 p.m.4 views

CVE-2026-40305

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

4.3CVSS5.7AI score0.00183EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/17 9:6 p.m.21 views

CVE-2026-40305 DNN has Force Friend Request Acceptance

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

4.3CVSS0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.8 views

DNN 安全漏洞

DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and built on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN from 6.0.0 to 10.2.2 contained...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

DNN 安全漏洞

DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN prior to 10.2.2 contained...

8CVSS5.7AI score0.07598EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

DNN 安全漏洞

DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN from 10.x.x to 10.2.1 containe...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 11:33 p.m.8 views

DotNetNuke.Core security code analysis rules triggered

The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/14 11:33 p.m.6 views

GHSA-FCPV-W245-R2Q7 DotNetNuke.Core security code analysis rules triggered

The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351. Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.1 views

Dotnetnuke < 10.2.2 Security code analysis rules triggered (GHSA-fcpv-w245-r2q7)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.13 views

Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (CVE-2026-40321)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

8CVSS5.9AI score0.07598EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 9:7 p.m.7 views

Generation of Predictable Numbers or Identifiers

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the form of generation of identical HostGUID values during installation. An...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 9:7 p.m.9 views

DNN: Same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.2AI score0.00175EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/10 9:7 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the AddFriend functionality. An attacker can send a request that forces another user to accept...

5.3CVSS5.8AI score0.00183EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 8:42 p.m.6 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG upload. An user can execute arbitrary scripts in the context of other users by uploading a...

8CVSS5.8AI score0.07598EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 8:42 p.m.7 views

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

8CVSS5.2AI score0.07598EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/10 8:42 p.m.2 views

GHSA-FFQ7-898W-9JC4 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

8CVSS5.8AI score0.07598EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32982

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-32981

Name of the Vulnerable Software and Affected Versions DNN versions 6.0.0 through 10.2.1 Description In the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Recommendations Update to version 10.2.2...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References6
Rows per page
Query Builder