31 matches found

EUVD
added 2025/12/12 9:31 p.m. | 6 views

EUVD-2025-26484

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations...

CVSS 7.5 | AI score 6.8 | EPSS 0.00389
Exploits: 0 | References: 6

Github Security Blog
added 2025/12/12 9:31 p.m. | 11 views

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 Liferay PaaS, and Liferay Self-Hosted, the Objects module does not restrict the use of Groovy scripts in Object...

CVSS 7.5 | AI score 7.9 | EPSS 0.00389
Exploits: 0 | References: 7 | Affected Software: 1

RedhatCVE
added 2025/10/28 10:59 p.m. | 6 views

CVE-2025-62259

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

CVSS 6.9 | AI score 6.9 | EPSS 0.00206
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/27 10:13 p.m. | 2 views

CVE-2025-62259

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

CVSS 6.9 | AI score 6.5 | EPSS 0.00206
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/27 7:38 p.m. | 3 views

CVE-2025-62263

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...

CVSS 4.8 | AI score 5.5 | EPSS 0.00202
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/24 10:38 p.m. | 7 views

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

CVSS 7.5 | AI score 6.9 | EPSS 0.00508
Exploits: 0 | References: 1

CVE
added 2025/10/08 12:53 p.m. | 13 views

CVE-2025-43821

CVE-2025-43821 concerns an XSS vulnerability in the Liferay Commerce Product Comparison Table widget. Affected: Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.8, 2023.Q4.0–2023.Q4.5, and 7.4 GA through update 92. The flaw arises when user-supplied data is inserted into the Comme...

CVSS 5.4 | AI score 5.5 | EPSS 0.002
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2025/10/07 10:15 p.m. | 8 views

CVE-2025-43823

Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...

CVSS 5.4 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:31 a.m. | 20 views

EUVD-2025-32592

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

CVSS 4.8 | AI score 6.3 | EPSS 0.00212
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-30789

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.4 | EPSS 0.00197
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-31654

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 6.4 | EPSS 0.00224
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2025-30441

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.4 | EPSS 0.00328
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-29267

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.00231
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/03 12:00 a.m. | 8 views

PT-2025-40601

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132; Liferay DXP versions 2025.Q1.0 through 2025.Q1.4; Liferay DXP versions 2024.Q4.0 through 2024.Q4.5; Liferay DXP versions 2024.Q3.0 through 2024.Q3.13; Liferay DXP versions 2024.Q2.1 through 2024.Q2....

CVSS 4.6 | AI score 6.6 | EPSS 0.00282
Exploits: 0 | References: 7

OSV
added 2025/09/30 7:15 p.m. | 7 views

CVE-2025-43827

Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVSS 4.3 | AI score 6.7 | EPSS 0.00269
Exploits: 0 | References: 1

OSV
added 2025/09/30 12:30 a.m. | 2 views

GHSA-GJ92-P9MH-83J8 Liferay Portal vulnerable to cross-site scripting in the Calendar widget

Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary we...

CVSS 4.8 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 6

OSV
added 2025/09/29 10:15 p.m. | 5 views

CVE-2025-43815

Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.1 | AI score 5.6 | EPSS 0.00224
Exploits: 0 | References: 1

Github Security Blog
added 2025/09/23 12:32 a.m. | 11 views

Liferay Portal and DXP does not properly check permission with import and export tasks

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS 5.3 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2025/09/22 11:15 p.m. | 9 views

CVE-2025-43814

In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password reminder answer, which allows remote...

CVSS 6.9 | EPSS 0.00328
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/22 11:01 p.m. | 2 views

CVE-2025-43814

In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password reminder answer, which allows remote...

CVSS 6.9 | AI score 6.5 | EPSS 0.00328
Exploits: 0 | References: 1