| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40321 | DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload | dnnsoftware | Dnn.Platform | High | 8.0 | 2026-04-17 21:10:33 | Deep Dive |
| CVE-2026-40306 | DNN has same HostGUID for all new installs | dnnsoftware | Dnn.Platform | - | - | 2026-04-17 21:09:30 | Deep Dive |
| CVE-2026-40305 | DNN has Force Friend Request Acceptance | dnnsoftware | Dnn.Platform | Medium | 4.3 | 2026-04-17 21:06:09 | Deep Dive |
| CVE-2026-24838 | DotNetNuke.Core Vulnerable to Stored XSS via Module Title | dnnsoftware | Dnn.Platform | Critical | 9.1 | 2026-01-27 23:58:33 | Deep Dive |
| CVE-2026-24837 | DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal | dnnsoftware | Dnn.Platform | High | 7.6 | 2026-01-27 23:53:24 | Deep Dive |
| CVE-2026-24836 | DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes | dnnsoftware | Dnn.Platform | High | 7.6 | 2026-01-27 23:51:27 | Deep Dive |
| CVE-2026-24833 | DotNetNuke.Core Vulnerable to Stored XSS in Module Description | dnnsoftware | Dnn.Platform | High | 7.6 | 2026-01-27 23:49:25 | Deep Dive |
| CVE-2026-24784 | DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer | dnnsoftware | Dnn.Platform | Medium | 6.8 | 2026-01-27 23:47:42 | Deep Dive |
| CVE-2025-64095 | DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite | dnnsoftware | Dnn.Platform | Critical | 10.0 | 2025-10-28 21:46:11 | Deep Dive |
| CVE-2025-64094 | DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload | dnnsoftware | Dnn.Platform | Medium | 6.4 | 2025-10-28 21:44:31 | Deep Dive |
| CVE-2025-62802 | DNN CKEditor Provider allows unauthenticated upload out-of-the-box | dnnsoftware | Dnn.Platform | Medium | 4.3 | 2025-10-28 21:42:08 | Deep Dive |
| CVE-2025-59548 | DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser | dnnsoftware | Dnn.Platform | - | - | 2025-09-23 17:58:55 | Deep Dive |
| CVE-2025-59547 | DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation | dnnsoftware | Dnn.Platform | Medium | 5.3 | 2025-09-23 17:56:47 | Deep Dive |
| CVE-2025-59821 | DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile | dnnsoftware | Dnn.Platform | Medium | 6.5 | 2025-09-23 17:42:17 | Deep Dive |
| CVE-2025-59546 | DNN Vulnerable to Stored XSS Using Backend Admin Credentials | dnnsoftware | Dnn.Platform | Low | 2.4 | 2025-09-23 17:41:48 | Deep Dive |
| CVE-2025-59545 | DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module | dnnsoftware | Dnn.Platform | Critical | 9.0 | 2025-09-23 17:41:30 | Deep Dive |
| CVE-2025-59539 | DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field | dnnsoftware | Dnn.Platform | Medium | 6.3 | 2025-09-23 17:41:01 | Deep Dive |
| CVE-2025-59535 | DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters | dnnsoftware | Dnn.Platform | Medium | 6.5 | 2025-09-22 20:59:04 | Deep Dive |
| CVE-2025-52488 | DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input | dnnsoftware | Dnn.Platform | High | 8.6 | 2025-06-21 02:51:25 | Deep Dive |
| CVE-2025-52487 | DNN.PLATFORM possibly allows bypass of IP Filters | dnnsoftware | Dnn.Platform | - | - | 2025-06-21 02:44:59 | Deep Dive |