3575 matches found
CVE-2025-43762
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS from Givan Personal Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2 and earlier, which stems from the incorrect operation of the parameter files in the /system/traits/media.php file...
PT-2025-34546 · Ibm · Integrated Analytics System
Name of the Vulnerable Software and Affected Versions: IBM Integrated Analytics System versions 1.0.0.0 through 1.0.30.0 Description: The software allows an authenticated user to upload files with dangerous types. If opened by another user, these files could lead to code execution. Recommendation...
IBM Integrated Analytics System 代码问题漏洞
IBM Integrated Analytics System is an integrated data analytics platform from International Business Machines IBM. A code issue vulnerability exists in IBM Integrated Analytics System versions 1.0.0.0 through 1.0.30.0, which stems from allowing the upload of dangerously typed files could lead to...
CVE-2025-55383
Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the lack of temporary file deletions in the forms upload field. An attacker can exhaust system resources by uploading an unlimited number of files, potentially leading to...
Liferay Portal users can upload an unlimited amount of files
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
GHSA-84PP-QR92-95C9 Liferay Portal users can upload an unlimited amount of files
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-26497
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux Flow Editor modules allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...
CVE-2025-26496
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux File Upload modules allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19...
CVE-2025-43762
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43762
CVE-2025-43762 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.1 (also 2024 Qx releases), where forms upload allows an unlimited number of files to be stored in document_library, enabling a potential DDoS. Concrete details available: vulnerable components include form upl...
CVE-2025-43762
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43762
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43758
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them)
Unrestricted Resource ConsumptionAPI4:2023 is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service DoS and resource abuse. But despite being just one category, attackers can exploit it in many different ways; from large file uploads and expensive...
GHSA-QPP6-F3QJ-RGGQ Liferay Portal's Unlimited File Upload Could Result in DoS
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43752
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43752
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43752
Summary: CVE-2025-43752 affects Liferay Portal 7.4.x (including 7.4 GA up to update 92) and Liferay DXP 2025.Q1.x (and 2024 Q1–Q4 releases), where an unrestricted file upload via object entries attachment fields allows unlimited files to be stored in document_library, enabling potential DoS via r...