CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

📄 DNN Platform Pre‑10.1.1 Arbitrary File Upload

DNN Platform version Pre‑10.1.1 suffers from an unauthenticated arbitrary file upload vulnerability. This software was formerly known as DotNetNuke. ============================================================================================================================================= | Titl...

GHSA-HMVQ-8P83-CQ52 DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload

Summary Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. Details DNN validates the contents of SVG's to ensure they are valid and do not contain any malicious code. These checks were introduced as part of CVE-2025-48378. However, the checks to ensure...

CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

EUVD-2025-30896

Malicious code in bioql PyPI...

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...