CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

Lavalite CMS 安全漏洞

Lavalite CMS is an open-source content management system based on PHP. Version 10.1.0 of Lavalite CMS has a security vulnerability caused by improper access control, which may allow low-privilege users to directly access the administration backend...

EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

EUVD-2017-1268

Malware in sbrugna...

EUVD-2020-9326

Malware in sbrugna...

EUVD-2025-2918

Malicious code in bioql PyPI...

EUVD-2025-24574

Malicious code in bioql PyPI...

CVE-2025-59546

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59539

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the websit...

CVE-2025-59547

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...

CVE-2025-59545

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

CVE-2025-59547 DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...

CVE-2025-59547 DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A specially crafted request can be made to upload a...

CVE-2025-59821

CVE-2025-59821 : DNN (DotNetNuke) before version 10.1.0 is vulnerable to a reflected Cross‑Site Scripting (XSS) attack via URL/profile rendering. The issue arises from inadequate neutralization/encoding of HTML‑relevant characters in URL/path handling and template rendering, allowing attacker‑con...

CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...

CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVE-2025-59545 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...