
2125 matches found

NVD
added 2024/02/20 8:15 a.m. · 13 views

CVE-2024-25150

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

CVSS 4.3 · AI score 4.3 · EPSS 0.00439
Exploits 0 · References 1

Prion
added 2024/02/20 8:15 a.m. · 14 views

Information disclosure

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

CVSS 4 · AI score 6.6 · EPSS 0.00439
Exploits 0 · References 1

CVE
added 2024/02/20 8:11 a.m. · 70 views

CVE-2024-25150

Information Disclosure in Liferay Portal/DXP: CVE-2024-25150 affects Liferay Portal 7.2.0–7.4.2 (and related DXP/vintage releases) where remote authenticated users can enumerate user screen names and obtain a user’s full name from the page title. Root cause relates to enumeration via the Control ...

CVSS 4.3 · AI score 4.2 · EPSS 0.00439
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2024/02/20 8:11 a.m. · 31 views

CVE-2024-25150

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

CVSS 4.3 · AI score 4.6 · EPSS 0.00439
Exploits 0 · References 1

Vulnrichment
added 2024/02/20 8:11 a.m. · 18 views

CVE-2024-25150

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

CVSS 4.3 · AI score 6.3 · EPSS 0.00439
Exploits 0 · References 1

CNNVD
added 2024/02/20 12:0 a.m. · 5 views

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 6.5 · AI score 6.7 · EPSS 0.00415
Exploits 0 · References 2

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-21033 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.4; Liferay DXP versions 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17. Description: The issue allows remote authenticated users with the VIEW user permission to edit their own permission v...

CVSS 6.5 · AI score 7 · EPSS 0.00415
Exploits 0 · References 10

OSV
added 2024/02/18 3:15 a.m. · 3 views

CVE-2023-52363

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

CVSS 5.3 · AI score 5.7
Exploits 0 · References 2

NVD
added 2024/02/18 3:15 a.m. · 16 views

CVE-2023-52363

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

CVSS 6.3 · AI score 6.4 · EPSS 0.00217
Exploits 0 · References 2

Prion
added 2024/02/18 3:15 a.m. · 17 views

Privilege escalation

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

AI score 7.2 · EPSS 0.00217
Exploits 0 · References 2

CVE
added 2024/02/18 3:2 a.m. · 7052 views

CVE-2023-52363

CVE-2023-52363 describes a defect introduced in the design process in the Control Panel module with potential to cause app processes to start by mistake. Public sources reference Huawei HarmonyOS/EMUI context and generic design-phase vulnerability impact. The available documents do not provide co...

CVSS 6.3 · AI score 6.6 · EPSS 0.00217
Exploits 0 · References 2 · Affected Software 2

Cvelist
added 2024/02/18 3:2 a.m. · 22 views

CVE-2023-52363

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

AI score 6.7 · EPSS 0.00217
Exploits 0 · References 2

Vulnrichment
added 2024/02/18 3:2 a.m. · 18 views

CVE-2023-52363

Vulnerability of defects introduced in the design process in the Control Panel module. Successful exploitation of this vulnerability may cause app processes to be started by mistake...

AI score 6.8 · EPSS 0.00217
Exploits 0 · References 2

CNNVD
added 2024/02/18 12:0 a.m. · 2 views

Huawei EMUI Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...

CVSS 6.3 · AI score 6.5 · EPSS 0.00217
Exploits 0 · References 3

Kaspersky
added 2024/02/13 12:0 a.m. · 141 views

KLA63958 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions. Below is a complete list of...

CVSS 8.8 · AI score 9.7 · EPSS 0.99995
Exploits 15 · References 60

Github Security Blog
added 2024/02/01 8:51 p.m. · 24 views

Statamic CMS vulnerable to account takeover via XSS and password reset link

Impact: HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects front-end forms with asset fields without any mime type validation, asset fields in the control panel, and the asset browser in the control panel. Additionally, if the XSS is crafted in a specific...

CVSS 8.2 · AI score 6.8 · EPSS 0.00734
Exploits 1 · References 5 · Affected Software 1

NVD
added 2024/02/01 5:15 p.m. · 10 views

CVE-2024-24570

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 · AI score 8.2 · EPSS 0.00734
Exploits 1 · References 3

CVE
added 2024/02/01 4:42 p.m. · 64 views

CVE-2024-24570

Statamic CMS is affected by a cross-site scripting vulnerability (CVE-2024-24570) where HTML files disguised as JPEGs could be uploaded via front-end asset fields, control-panel asset fields, and the asset browser. The root cause is improper mime-type validation, enabling XSS execution by authent...

CVSS 8.2 · AI score 6.7 · EPSS 0.00734
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2024/02/01 4:42 p.m. · 28 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 · AI score 8.4 · EPSS 0.00734
Exploits 1 · References 3

The Hacker News
added 2024/01/16 7:13 a.m. · 63 views

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Tren...

CVSS 8.8 · AI score 7 · EPSS 0.88196
Exploits 2