EUVD-2025-10381

Malicious code in bioql PyPI...

DNN < 9.13.8 DotNetNuke.Core Server-Side Request Forgery (CVE-2025-32372)

According to its self-reported version, the instance of DNN formerly DotNetNuke running on the remote web server is prior to 9.13.8. It is, therefore, affected by a server-side request forgery vulnerability: - DNN formerly DotNetNuke is an open-source web content management platform CMS in the...

CVE-2025-32374

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...

CVE-2025-32372

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...

CVE-2025-32373

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8...

CVE-2025-32373 DNN allows a registered user to enumerate and access files they should not have access to

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8...

CVE-2025-32373 DNN allows a registered user to enumerate and access files they should not have access to

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8...

CVE-2025-32373

CVE-2025-32373 affects DNN (DotNetNuke) in the Microsoft ecosystem. In limited configurations, registered users may craft a request to enumerate or access portal files they should not have access to. The issue is fixed in version 9.13.8. Remediation: upgrade to 9.13.8 or newer to resolve the vuln...

CVE-2025-32372

CVE-2025-32372 : DNN (DotNetNuke) exposes a bypass of CVE-2017-0929 enabling unauthenticated, semi‑blind SSRF via arbitrary GET requests to internal or external URLs. Public sources reference this as a server-side request forgery affecting DNN, with a fixed revision in 9.13.8; Nessus/NVD entries ...

PT-2025-15704

Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.8 Description: A bypass has been identified for a previously known vulnerability, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal o...

PT-2025-15705 · Dnn · Dnn

Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.8 Description: The issue affects DNN, an open-source web content management platform in the Microsoft ecosystem. In certain configurations, registered users may be able to craft a request to...

CVE-2025-32036

CVE-2025-32036 affects DNN (DotNetNuke) where the captcha generation algorithm has low complexity, enabling OCR-based bypass of CAPTCHA. Multiple connected sources (PT-Security and Red Hat advisories) confirm the issue and identify the fixed version as 9.13.8, with prior versions vulnerable. Prac...

CVE-2025-32036 DNN allows the possibility of bypassing Captcha

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send...