Lucene search
K

5 matches found

OSV
OSV
added 2026/06/19 8:3 a.m.4 views

CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS5.9AI score0.00341EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-29263

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00243EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/16 12:30 a.m.9 views

Liferay Stored Cross-site Scripting vulnerability

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web...

6.1CVSS5.6AI score0.00243EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/09/15 10:15 p.m.8 views

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...

6.1CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 9:58 p.m.5 views

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...

4.8CVSS5.1AI score0.00243EPSS
Exploits0References1
Rows per page
Query Builder