Lucene search
K

233 matches found

Github Security Blog
Github Security Blog
added 2025/08/20 3:31 p.m.15 views

Liferay Portal Unauthenticated File Access via URL

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS6.7AI score0.00245EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/08/20 1:15 p.m.3 views

CVE-2025-43749

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 1:15 p.m.7 views

CVE-2025-43749

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 12:32 p.m.9 views

CVE-2025-43749

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 12:32 p.m.2 views

CVE-2025-43749

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS7AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 12:32 p.m.20 views

CVE-2025-43749

CVE-2025-43749 affects Liferay Portal 7.4.x (7.4.0–7.4.3.132) and Liferay DXP releases up to 2025.Q1.1/2024.Q4.x/2024.Q3.x/2024.Q2.x/2024.Q1.x and 7.4 GA update 92. Issue: unauthenticated access to files uploaded via URL and stored in the document_library. Root cause: insufficient access restrict...

5.3CVSS7AI score0.00245EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.7 views

PT-2025-34043

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.1 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through...

5.3CVSS6.6AI score0.00245EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.5 views

CVE-2024-43216

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Filr filr-protection.This issue affects Filr: from n/a through = 1.2.4...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:8 a.m.4 views

CVE-2024-37504

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...

5.3CVSS6.8AI score0.00443EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/13 7:25 a.m.23 views

CVE-2025-4533

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...

5.1CVSS6.9AI score0.00589EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/11 6:31 a.m.29 views

CVE-2025-4533 JeecgBoot Document Library Upload zip unzipFile resource consumption

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...

5.1CVSS0.00589EPSS
Exploits1References6
CVE
CVE
added 2025/05/11 6:31 a.m.99 views

CVE-2025-4533

CVE-2025-4533 affects JeecgBoot up to 3.8.0. The vulnerability is in the unzipFile function of /jeecg-boot/airag/knowledge/doc/import/zip (Document Library Upload). The attacker can remotely trigger resource consumption by manipulating the File argument, leading to a DoS condition. Multiple conne...

7.5CVSS3.8AI score0.00589EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2024/08/12 9:38 p.m.18 views

CVE-2024-43216 WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Filr filr-protection.This issue affects Filr: from n/a through = 1.2.4...

6.5CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/12 9:38 p.m.13 views

CVE-2024-43216 WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Filr filr-protection.This issue affects Filr: from n/a through = 1.2.4...

6.5CVSS5.2AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2024/08/12 9:38 p.m.51 views

CVE-2024-43216

The CVE CVE-2024-43216 targets Filr – Secure document library (WordPress plugin). It reports improper input neutralization leading to stored XSS in web page generation, affecting Filr library versions from n/a up to 1.2.4. The issue is categorized as Stored XSS with impact limited to confidential...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2024/07/10 6:15 p.m.31 views

CVE-2024-37504

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...

5.3CVSS0.00443EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/10 5:46 p.m.27 views

CVE-2024-37504 WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...

5.3CVSS0.00443EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/10 5:46 p.m.14 views

CVE-2024-37504 WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...

5.3CVSS6.9AI score0.00443EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.3 views

WordPress plugin FileBird Document Library Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

5.3CVSS6AI score0.00443EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/04 1:30 p.m.4 views

WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin FileBird Document Library versions = 2.0.6...

5.3CVSS7AI score0.00443EPSS
Exploits0Affected Software1
Rows per page
Query Builder