Lucene search
+L

123 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0895

Malicious code in bioql PyPI...

3.7CVSS4.6AI score0.00458EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-23542

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00527EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25583

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00286EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-25558

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00089EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/17 4:58 p.m.6 views

Username Enumeration

Liferay Portal is vulnerable to Username Enumeration. The vulnerability is due to information disclosure because attackers can determine if an account exists by measuring differences in server processing time during login requests...

6.9CVSS6.5AI score0.00234EPSS
Exploits0References23Affected Software3
Veracode
Veracode
added 2025/09/12 11:13 a.m.7 views

User Enumeration

com.liferay, com.liferay.login.web is vulnerable to User Enumeration. The vulnerability is due to improper handling of account creation requests on the "create account" page, which allows an attacker to determine if a specific account exists in the application...

6.9CVSS6.9AI score0.00286EPSS
Exploits0References12Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/24 4:6 p.m.6 views

CVE-2025-43751

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...

6.9CVSS6.5AI score0.00286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/23 5:15 p.m.8 views

CVE-2025-43754

Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the...

6.9CVSS6.3AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 6:31 p.m.6 views

GHSA-XWC5-Q44V-P6GG Liferay Portal User Enumeration Vulnerability via the Create Account Page

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...

6.9CVSS7.2AI score0.00286EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2025/08/22 6:31 p.m.11 views

Liferay Portal User Enumeration Vulnerability via the Create Account Page

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...

6.9CVSS7.2AI score0.00286EPSS
Exploits0References12Affected Software1
NVD
NVD
added 2025/08/22 4:15 p.m.6 views

CVE-2025-43751

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...

6.9CVSS0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/22 3:58 p.m.11 views

CVE-2025-43751

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...

6.9CVSS0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/22 3:58 p.m.3 views

CVE-2025-43751

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...

6.9CVSS6.7AI score0.00286EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.9 views

PT-2025-34437

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2024.Q1.1 through 2024.Q1.14 Liferay DXP versions 2024.Q2.0 through...

6.9CVSS6.5AI score0.00286EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.8 views

CVE-2024-34336

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...

5.3CVSS7AI score0.0038EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.7 views

CVE-2024-26268

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by...

5.3CVSS6.9AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.9 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

3.7CVSS6.7AI score0.00458EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:11 a.m.6 views

CVE-2022-44381

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...

5.3CVSS6.7AI score0.00646EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:35 p.m.2 views

CVE-2022-20300

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.3AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:35 p.m.5 views

CVE-2022-20303

In ContentService, there is a possible way to determine if an account is on the device without GETACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS5.3AI score0.00089EPSS
Exploits0References1
Rows per page
Query Builder