2754 matches found
Liferay Publications is vulnerable to Incorrect Authorization
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
GHSA-894W-W643-QVXV Liferay Publications is vulnerable to Incorrect Authorization
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
CVE-2025-62244
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...
CVE-2025-62243
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
CVE-2025-62243
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
CVE-2025-31997
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References IDOR. An attacker can bypass authorization and access resources in the system directly, for example database records or files...
PT-2025-41802
Name of the Vulnerable Software and Affected Versions Liferay DXP versions 2023.Q4.1 through 2023.Q4.5 Description An Insecure Direct Object Reference IDOR issue exists in Liferay DXP that allows authenticated remote users to access shipment addresses from different virtual instances. This occurs...
PT-2025-41803
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.4 through 7.4.3.111 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay Portal versions 7.4 GA through update 92 Description An Insecure Direct Object Referenc...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-41811
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR iss...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-31997
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References IDOR. An attacker can bypass authorization and access resources in the system directly, for example database records or files...
CVE-2025-11518 WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...
PT-2025-41649
Name of the Vulnerable Software and Affected Versions WPC Smart Wishlist for WooCommerce plugin for WordPress versions up to and including 5.0.3 Description The software is susceptible to an Insecure Direct Object Reference issue in several wishlist AJAX functions. This is due to a lack of...
CVE-2025-40676
Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...
EUVD-2021-23788
Malware in sbrugna...
EUVD-2021-23004
Malware in sbrugna...
EUVD-2021-24815
Malware in sbrugna...
EUVD-2020-28870
Malware in sbrugna...
EUVD-2020-3939
Malware in sbrugna...