12 matches found

CVE
added 2026/04/17 9:9 p.m. | 12 views

CVE-2026-40306

DNN Platform (DotNetNuke) CVE-2026-40306 describes a flaw where all new installations of DNN 10.x.x–10.2.1 use the same Host GUID. Red Hat, NVD, CVE listings, and related advisories indicate this shortcoming stems from predictable HostGUID values introduced in releases prior to 10.2.2, which patc...

CVSS 6.9 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/28 9:42 p.m. | 7 views

CVE-2025-62802 DNN CKEditor Provider allows unauthenticated upload out-of-the-box

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...

CVSS 4.3 | EPSS 0.00189
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-27371

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01055
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-10381

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00255
Exploits: 0 | References: 2
RedhatCVE
added 2025/06/23 8:39 a.m. | 5 views

CVE-2025-52488

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This issue has been...

CVSS 8.6 | AI score 7 | EPSS 0.29345
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/25 4:12 p.m. | 19 views

CVE-2025-48376

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external URL for a site export to then be imported. Version 9.13.9 fixes the issue...

CVSS 3.5 | AI score 7 | EPSS 0.00214
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/11 12:5 a.m. | 6 views

CVE-2025-32036

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easily read by OCR tools, and the intruder can send...

CVSS 6.5 | AI score 6.6 | EPSS 0.00255
Exploits: 0 | References: 1
BDU FSTEC
added 2025/03/11 12:0 a.m. | 2 views

Vulnerability in the DNN CMS system’s script execution scenario /Activity-Feed/userId/{user_id}, which allows an attacker to perform XSS attacks

Vulnerability of the DNN CMS system’s /Activity-Feed/userId/userid endpoint: no measures taken to protect the website structure. Exploitation of this vulnerability allows a malicious actor to perform XSS attacks remotely...

CVSS 7.7 | AI score 5.4 | EPSS 0.00178
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/06/02 2:15 p.m. | 29 views

CVE-2021-40186

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...

CVSS 7.5 | AI score 6.7 | EPSS 0.01055
Exploits: 1 | References: 1
Prion
added 2022/06/02 2:15 p.m. | 26 views

Server-side request forgery (SSRF)

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...

CVSS 5 | AI score 7.6 | EPSS 0.01055
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/05/31 6:9 p.m. | 27 views

CVE-2021-40186 DNN CMS Server-Side Request Forgery (SSRF)

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...

CVSS 6.5 | AI score 7.8 | EPSS 0.01055
Exploits: 1 | References: 1
CVE
added 2022/05/31 6:9 p.m. | 73 views

CVE-2021-40186

The OpenVAS entry identifies a DNN CMS (DotNetNuke) SSRF vulnerability affecting DNN versions up to 9.11.2. The flaw enables an attacker to cause the server to perform network requests on its behalf, potentially reaching internal systems and other resources. The vulnerability is described as a se...

CVSS 7.5 | AI score 7.1 | EPSS 0.01055
Exploits: 1 | References: 1 | Affected Software: 1