CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5051 matches found

NVD•added 2025/08/12 7:15 p.m.•1 views

CVE-2025-43734

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...

5.4CVSS0.00048EPSS

Exploits0References1

Vulnrichment•added 2025/08/12 6:51 p.m.•2 views

CVE-2025-43734

5.1CVSS5.7AI score0.00048EPSS

Exploits0References1

NVD•added 2025/08/12 4:15 p.m.•2 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1CVSS0.0005EPSS

Exploits0References2

AlpineLinux•added 2025/08/12 3:47 p.m.•3 views

CVE-2025-54800

7.1CVSS7AI score0.0005EPSS

Exploits0References2

OSV•added 2025/08/12 3:31 p.m.•3 views

GHSA-222W-XMC5-JHP3 Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...

6.9CVSS5.9AI score0.0007EPSS

Exploits0References5

NVD•added 2025/08/12 1:15 p.m.•4 views

CVE-2025-43735

6.9CVSS0.0007EPSS

Exploits0References1

OSV•added 2025/08/12 1:15 p.m.•5 views

CVE-2025-43735

6.1CVSS5.9AI score0.0007EPSS

Exploits0References1

Vulnrichment•added 2025/08/12 12:19 p.m.•4 views

CVE-2025-43735

6.9CVSS6AI score0.0007EPSS

Exploits0References1

Cvelist•added 2025/08/12 12:19 p.m.•5 views

CVE-2025-43735

6.9CVSS0.0007EPSS

Exploits0References1

CVE•added 2025/08/12 12:19 p.m.•17 views

CVE-2025-43735

CVE-2025-43735 is a reflected XSS vulnerability in Liferay Portal 7.4.x (7.4.0–7.4.3.131) and Liferay DXP 2024.Q1–Q4 updates up to 2024.Q4.7 (and related 7.4 GA up to update 92). An unauthenticated remote attacker can inject JavaScript into the google_gadget. Affected components include com.lifer...

6.9CVSS6AI score0.0007EPSS

Exploits0References1Affected Software2

CNNVD•added 2025/08/12 12:0 a.m.•3 views

Hydra 跨站脚本漏洞

Hydra is a Nix open source continuous integration service based on the Nix project. A cross-site scripting vulnerability exists in versions prior to Hydra dea1e16, which stems from a malicious package that can inject arbitrary JavaScript code, potentially leading to a cross-site scripting attack...

7.1CVSS6AI score0.0005EPSS

Exploits0References2

Positive Technologies•added 2025/08/12 12:0 a.m.•5 views

PT-2025-32669 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

6.9CVSS5.2AI score0.0007EPSS

Exploits0References10

Positive Technologies•added 2025/08/12 12:0 a.m.•4 views

PT-2025-32681 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16 Description: Hydra, a continuous integration service for Nix based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is...

7.1CVSS7.5AI score0.0005EPSS

Exploits0References5

Github Security Blog•added 2025/08/08 6:32 p.m.•7 views

Liferay Portal Reflected XSS in blogs-web

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows an...

6.9CVSS5.7AI score0.09045EPSS

Exploits0References5Affected Software1

NVD•added 2025/08/08 4:15 p.m.•2 views

CVE-2025-4576

6.9CVSS0.09045EPSS

Exploits0References1

Cvelist•added 2025/08/08 3:42 p.m.•6 views

CVE-2025-4576

6.9CVSS0.09045EPSS

Exploits0References1

Vulnrichment•added 2025/08/08 3:42 p.m.•3 views

CVE-2025-4576

6.9CVSS5.4AI score0.09045EPSS

Exploits0References1

OSV•added 2025/08/08 9:38 a.m.•6 views

BIT-OPENCART-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...

6.1CVSS5.2AI score0.00167EPSS

Exploits1References3

RedhatCVE•added 2025/08/08 12:29 a.m.•5 views

CVE-2025-51053

A Cross-site scripting XSS vulnerability in /apivedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser...

6.1CVSS6.1AI score0.00374EPSS

Exploits2References1

Positive Technologies•added 2025/08/08 12:0 a.m.•4 views

PT-2025-32363

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.133 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2....

6.9CVSS5.8AI score0.09045EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by