233 matches found
Liferay Portal Unauthenticated File Access via URL
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
CVE-2025-43749
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
CVE-2025-43749
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
CVE-2025-43749
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
CVE-2025-43749
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
CVE-2025-43749
CVE-2025-43749 affects Liferay Portal 7.4.x (7.4.0–7.4.3.132) and Liferay DXP releases up to 2025.Q1.1/2024.Q4.x/2024.Q3.x/2024.Q2.x/2024.Q1.x and 7.4 GA update 92. Issue: unauthenticated access to files uploaded via URL and stored in the document_library. Root cause: insufficient access restrict...
PT-2025-34043
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.1 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through...
CVE-2024-43216
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Filr filr-protection.This issue affects Filr: from n/a through = 1.2.4...
CVE-2024-37504
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...
CVE-2025-4533
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...
CVE-2025-4533 JeecgBoot Document Library Upload zip unzipFile resource consumption
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...
CVE-2025-4533
CVE-2025-4533 affects JeecgBoot up to 3.8.0. The vulnerability is in the unzipFile function of /jeecg-boot/airag/knowledge/doc/import/zip (Document Library Upload). The attacker can remotely trigger resource consumption by manipulating the File argument, leading to a DoS condition. Multiple conne...
CVE-2024-43216 WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Filr filr-protection.This issue affects Filr: from n/a through = 1.2.4...
CVE-2024-43216 WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Filr filr-protection.This issue affects Filr: from n/a through = 1.2.4...
CVE-2024-43216
The CVE CVE-2024-43216 targets Filr – Secure document library (WordPress plugin). It reports improper input neutralization leading to stored XSS in web page generation, affecting Filr library versions from n/a up to 1.2.4. The issue is categorized as Stored XSS with impact limited to confidential...
CVE-2024-37504
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...
CVE-2024-37504 WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...
CVE-2024-37504 WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6...
WordPress plugin FileBird Document Library Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin FileBird Document Library versions = 2.0.6...