Dotnetnuke
This hub aggregates every CVE we track for Dotnetnuke, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
76
CVEs tracked
5
Critical
15
High
3
In CISA KEV
Severity distribution
MEDIUM52HIGH15CRITICAL5LOW4
Monthly trend
0
0
0
0
0
0
0
0
0
6
3
4
0
0
7
3
0
0
5
1
0
3
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Dotnetnuke.
- CVE-2026-40321DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload8.0
- CVE-2026-40306DNN has same HostGUID for all new installs6.5
- CVE-2026-40305DNN has Force Friend Request Acceptance4.3
- CVE-2020-37103DotNetNuke 9.5 - Persistent Cross-Site Scripting6.4
- CVE-2026-24838DotNetNuke.Core Vulnerable to Stored XSS via Module Title9.1
- CVE-2026-24837DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal7.6
- CVE-2026-24836DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes7.6
- CVE-2026-24833DotNetNuke.Core Vulnerable to Stored XSS in Module Description7.6
- CVE-2026-24784DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer6.8
- CVE-2025-64095DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite10.0
- CVE-2025-64094DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload6.4
- CVE-2025-62802DNN CKEditor Provider allows unauthenticated upload out-of-the-box4.3
- CVE-2025-59548DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser6.1
- CVE-2025-59547DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation5.3
- CVE-2025-59821DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile6.5
Product normalization is registry-driven with AI assist and human review. How it works