Lucene search
K

35 matches found

RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.4 views

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection SSTI in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

9.4CVSS8.2AI score0.0076EPSS
Exploits1References1
NVD
NVD
added 2026/01/08 4:16 p.m.9 views

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection SSTI in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

9.4CVSS0.0076EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/07 7:33 p.m.5 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the getTemplate function. An attacker can execute arbitrary code on the server by injecting malicious FreeMarker templates through the email template editing API...

9.4CVSS7.6AI score
Exploits0References2
Veracode
Veracode
added 2025/11/17 9:34 a.m.7 views

Sensitive Information Exposure

com.liferay.portal.template.freemarker is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper data handling in Freemarker templates, where sensitive user data is unintentionally included in the template context, allowing an unauthorized actor to access and potential...

6.5CVSS6.5AI score0.00282EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/10/28 12:0 a.m.10 views

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...

0.00466EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-1631

Malware in sbrugna...

4.3CVSS6.4AI score0.09795EPSS
Exploits0References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-6090

Malware in sbrugna...

9.6CVSS9.3AI score0.01873EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/04 9:37 p.m.7 views

CVE-2025-43825

A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA...

4.6CVSS6.8AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2025/10/04 12:32 a.m.7 views

GHSA-RGGC-GF6W-9Q73 Liferay Portal exposes sensitive user data through its Freemarker template

A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA...

4.6CVSS6.5AI score0.00282EPSS
Exploits0References5
OSV
OSV
added 2025/10/03 10:15 p.m.9 views

CVE-2025-43825

A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2025/10/03 9:16 p.m.16 views

CVE-2025-43825

The CVE-2025-43825 entry concerns a vulnerability in Liferay Portal/DXP where the Freemarker template processing (com.liferay.portal.template.freemarker) improperly handles data, allowing sensitive user information to be exposed via the Freemarker template context. Affected products/versions incl...

6.5CVSS6.4AI score0.00282EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/10/03 9:16 p.m.3 views

CVE-2025-43825

A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA...

4.6CVSS6.4AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24044

Malicious code in bioql PyPI...

5.1CVSS6.3AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-29326

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.03627EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.8 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.5CVSS6.3AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/11 5:27 a.m.9 views

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...

5.1CVSS7.2AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2025/08/09 6:30 a.m.4 views

GHSA-C6G5-G6R7-Q4J6 Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery

An SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allows template...

5.1CVSS7.1AI score0.00201EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/09 6:30 a.m.7 views

Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery

An SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allows template...

5.1CVSS7.1AI score0.00201EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2025/08/09 5:15 a.m.6 views

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...

5.1CVSS0.00201EPSS
Exploits0References1
OSV
OSV
added 2025/08/09 5:15 a.m.5 views

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...

5CVSS5.8AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder