
530 matches found

Nuclei
added 19 hours ago | 6 views

Liferay Portal & DXP - Cross-Site Scripting

Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entrycoverimagecaption.jsp, letting remote non-authenticated attackers inject JavaScript. id: CVE-2025-4576 info: name: Liferay Portal & DXP - Cross-Site...

CVSS 6.9 | AI score 5.8 | EPSS 0.05581
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/14 7:23 p.m. | 2 views

CVE-2026-0233

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges...

CVSS 5.4 | AI score 6.2 | EPSS 0.00019
Exploits: 0 | References: 1

EUVD
added 2026/04/13 9:31 a.m. | 4 views

EUVD-2026-21898

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges...

CVSS 5.4 | AI score 6.2 | EPSS 0.00019
Exploits: 0 | References: 2

CVE
added 2026/04/13 7:17 a.m. | 3 views

CVE-2026-0233

CVE-2026-0233 (Autonomous Digital Experience Manager on Windows) is described across multiple sources as a certificate validation vulnerability (improper validation of ADEM certificate) that allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORIT...

CVSS 5.4 | AI score 6.2 | EPSS 0.00019
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/13 7:17 a.m. | 5 views

CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges...

CVSS 5.4 | AI score 6.2 | EPSS 0.00019
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/13 7:17 a.m. | 4 views

CVE-2026-0233

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges...

CVSS 5.4 | AI score 6.2 | EPSS 0.00019
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/04/13 12:0 a.m. | 2 views

Palo Alto Networks Autonomous Digital Experience Manager security vulnerability

Palo Alto Networks Autonomous Digital Experience Manager is an artificial intelligence-based platform for monitoring and analyzing terminal and network experiences developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Autonomous Digital Experience Manager, which...

CVSS 5.4 | AI score 6.1 | EPSS 0.00019
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-32052

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Autonomous Digital Experience Manager on Windows affected versions not specified Description A certificate validation issue exists in Palo Alto Networks Autonomous Digital Experience Manager on Windows. An unauthenticated...

CVSS 8.3 | AI score 6.1 | EPSS 0.00019
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/22 1:28 a.m. | 1 view

CVE-2025-62326

HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...

CVSS 6.1 | AI score 5.1 | EPSS 0.0004
Exploits: 0 | References: 1

NVD
added 2026/02/20 8:25 p.m. | 2 views

CVE-2025-62326

HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...

CVSS 6.1 | EPSS 0.0004
Exploits: 0 | References: 1

OSV
added 2026/02/20 8:25 p.m. | 1 view

CVE-2025-62326

HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...

CVSS 4.8 | AI score 5.6 | EPSS 0.0004
Exploits: 0 | References: 1

CVE
added 2026/02/20 8:1 p.m. | 5 views

CVE-2025-62326

HCL Digital Experience is susceptible to stored XSS in the administrative UI that requires elevated privileges to exploit. Affected component: the admin interface of HCL Digital Experience. The vulnerability is stored XSS with the attacker needing high privileges and user interaction is required ...

CVSS 6.1 | AI score 5.1 | EPSS 0.0004
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/20 8:1 p.m. | 19 views

CVE-2025-62326 HCL Digital Experience is susceptible to stored cross-site scripting (XSS)

HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...

CVSS 6.1 | EPSS 0.0004
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/20 8:1 p.m. | 2 views

CVE-2025-62326 HCL Digital Experience is susceptible to stored cross-site scripting (XSS)

HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...

CVSS 6.1 | AI score 4.9 | EPSS 0.0004
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/20 12:0 a.m. | 3 views

PT-2026-21289

HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...

CVSS 6.1 | AI score 5.1 | EPSS 0.0004
Exploits: 0 | References: 2

CNNVD
added 2026/01/29 12:0 a.m. | 2 views

TeamViewer DEX Client security vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause log entries to be injected, altered, or forged, affecting log integrity...

CVSS 6.5 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:55 a.m. | 8 views

CVE-2022-38902

A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...

CVSS 5.4 | AI score 5.9 | EPSS 0.0023
Exploits: 1 | References: 1

Veracode
added 2025/12/13 5:26 a.m. | 1 view

Insecure Storage Of Sensitive Information

Liferay Portal and Liferay DXP are vulnerable to insecure storage of sensitive information. The vulnerability is due to storing password reset tokens in plain text in the database, which allows an attacker with database access to retrieve the token, reset a user’s password, and take over the user...

CVSS 6.9 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 4 | Affected Software: 2

Veracode
added 2025/12/13 5:8 a.m. | 2 views

Denial Of Service (DoS)

Liferay Portal and Liferay DXP are vulnerable to denial-of-service DoS. The vulnerability is due to the absence of limits on the number of objects returned from Headless API requests, which allows an attacker to exploit the application by sending requests that retrieve an excessively large number...

CVSS 7.5 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2025/12/13 5:7 a.m. | 3 views

Denial Of Service (DoS)

Liferay Portal / Liferay DXP is vulnerable to Denial of Service DoS. The vulnerability is due to the ComboServlet not enforcing limits on the number or size of files it combines, which allows a remote attacker to craft malicious URL query strings that generate extremely large responses...

CVSS 7.5 | AI score 6.7 | EPSS 0.00231
Exploits: 0 | References: 8 | Affected Software: 1