Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Dnnsoftware — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting Dnnsoftware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DNNSoftware specializes in DNS management solutions, primarily serving enterprise environments with its PowerDNS Recursor and authoritative servers. The software has historically been associated with a significant number of vulnerabilities, currently totaling 34 CVEs. These security issues predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation or memory corruption errors within the application logic. While the platform is widely deployed for its performance and scalability, the recurring nature of these defects highlights challenges in maintaining rigorous code security standards over time. Notable incidents have included critical exploits allowing unauthenticated attackers to gain system-level access, prompting urgent patching cycles. Despite these challenges, the vendor continues to address these gaps through regular updates, though the high volume of recorded CVEs remains a point of concern for security auditors evaluating the software’s risk posture.

Found 31 results / 34Clear Filters
Top products by Dnnsoftware: Dnn.Platform DNN Platform dnnsoftware/dnn.platform DotNetNuke
CVE IDTitleCVSSSeverityPublished
CVE-2026-40321 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload — Dnn.PlatformCWE-87 8.1 High2026-04-17
CVE-2026-40306 DNN has same HostGUID for all new installs — Dnn.PlatformCWE-330 5.4AIMediumAI2026-04-17
CVE-2026-40305 DNN has Force Friend Request Acceptance — Dnn.PlatformCWE-285 4.3 Medium2026-04-17
CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title — Dnn.PlatformCWE-79 9.1 Critical2026-01-27
CVE-2026-24837 DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal — Dnn.PlatformCWE-79 7.7 High2026-01-27
CVE-2026-24836 DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes — Dnn.PlatformCWE-79 7.7 High2026-01-27
CVE-2026-24833 DotNetNuke.Core Vulnerable to Stored XSS in Module Description — Dnn.PlatformCWE-79 7.7 High2026-01-27
CVE-2026-24784 DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer — Dnn.PlatformCWE-79 6.8 Medium2026-01-27
CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite — Dnn.PlatformCWE-434 10.0 Critical2025-10-28
CVE-2025-64094 DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload — Dnn.PlatformCWE-79 6.4 Medium2025-10-28
CVE-2025-62802 DNN CKEditor Provider allows unauthenticated upload out-of-the-box — Dnn.PlatformCWE-1188 4.3 Medium2025-10-28
CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser — Dnn.PlatformCWE-79 6.1AIMediumAI2025-09-23
CVE-2025-59547 DNN's CKEditor File Uploader functionality vulnerable through Unicode obfuscation — Dnn.PlatformCWE-176 5.3 Medium2025-09-23
CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile — Dnn.PlatformCWE-79 6.5 Medium2025-09-23
CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials — Dnn.PlatformCWE-79 2.4 Low2025-09-23
CVE-2025-59545 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module — Dnn.PlatformCWE-79 9.1 Critical2025-09-23
CVE-2025-59539 DNN affected by Stored Cross-Site Scripting (XSS) in Profile Biography field — Dnn.PlatformCWE-79 6.3 Medium2025-09-23
CVE-2025-59535 DotNetNuke.Core allows loading of unused themes on anonymous clients through query parameters — Dnn.PlatformCWE-20 6.5 Medium2025-09-22
CVE-2025-52488 DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input — Dnn.PlatformCWE-200 8.6 High2025-06-21
CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters — Dnn.PlatformCWE-863 8.2AIHighAI2025-06-21
CVE-2025-52486 DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects — Dnn.PlatformCWE-79 4.3AIMediumAI2025-06-21
CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed — Dnn.PlatformCWE-79 4.6AIMediumAI2025-06-21
CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode — Dnn.PlatformCWE-79 6.1AIMediumAI2025-05-23
CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline — Dnn.PlatformCWE-79 5.4AIMediumAI2025-05-23
CVE-2025-48376 Dnn.Platform's Site Import could use an external source with a crafted request — Dnn.PlatformCWE-841 3.5 Low2025-05-23
CVE-2025-32374 Possible Denial of Service (DoS) in DNN.PLATFORM registration — Dnn.PlatformCWE-770 5.9 Medium2025-04-09
CVE-2025-32373 DNN allows a registered user to enumerate and access files they should not have access to — Dnn.PlatformCWE-639 6.5 Medium2025-04-09
CVE-2025-32372 Server-Side Request Forgery (SSRF) in DotNetNuke.Core — Dnn.PlatformCWE-918 6.5 Medium2025-04-09
CVE-2025-32371 Unexpected external content may be displayed in DNN ImageHandler — Dnn.PlatformCWE-451 4.3 Medium2025-04-09
CVE-2025-32036 DNN allows the possibility of bypassing Captcha — Dnn.PlatformCWE-804 4.2 Medium2025-04-08

This page lists every published CVE security advisory associated with Dnnsoftware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.