Lucene search
+L

520 matches found

NVD
NVD
added 2025/09/12 8:15 p.m.35 views

CVE-2025-43795

Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...

6.1CVSS0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/09/12 8:15 p.m.8 views

CVE-2025-43795

Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...

6.1CVSS6.9AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/12 7:55 p.m.3 views

CVE-2025-43795

Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...

5.1CVSS6.6AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2025/09/12 7:55 p.m.25 views

CVE-2025-43795

CVE-2025-43795: Open redirect vulnerabilities in Liferay Portal/DXP SystemSettingsPortlet, InstanceSettingsPortlet and SiteSettingsPortlet redirects (com_liferay_configuration_admin_web_portlet *_redirect). Affected: Liferay Portal 7.1.0–7.4.3.101; Liferay DXP 2023.Q3.1–2023.Q3.4; 7.4 GA up to up...

6.1CVSS6.6AI score0.00223EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/09/12 7:55 p.m.42 views

CVE-2025-43795

Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...

5.1CVSS0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.5 views

Liferay Portal和Liferay DXP 输入验证错误漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.1CVSS6.4AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.15 views

PT-2025-37346

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.101 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal 7.4 GA through update 92 Liferay Portal 7.3 GA through update 35 Older unsupported versions Description: An open redirect issue...

6.1CVSS6.5AI score0.00223EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-20474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local...

7.8CVSS7.2AI score0.00242EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/06 7:31 p.m.7 views

CVE-2025-26419

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

3.3CVSS6.9AI score0.00084EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 8:15 p.m.12 views

CVE-2025-26419

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

3.3CVSS0.00084EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 8:15 p.m.5 views

CVE-2025-26419

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

3.3CVSS5.9AI score0.00084EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/04 7:28 p.m.12 views

CVE-2025-26419

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

0.00084EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-38247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the System Settings page under the Admin panel. CVE-2022-38247 Note that...

4.8CVSS6.1AI score0.01743EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/08/26 12:0 a.m.168 views

📄 GeoVision ASManager Windows Application 6.1.2.0 Remote Code Execution

GeoVision ASManager Windows Application version 6.1.2.0 suffers from a remote code execution vulnerability. Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...

8.8CVSS8.2AI score0.19519EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/08/26 12:0 a.m.341 views

GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)

Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...

8.8CVSS9.5AI score0.19519EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.3 views

CVE-2025-44179

Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit this vulnerability by injecting arbitrary commands through the telnet interfa...

7.9AI score0.00837EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.6 views

Foxit Reader 缓冲区错误漏洞

Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit PDF Reader suffers from a buffer overflow vulnerability that originates from an uninitialized pointer, which can be exploited by an attacker to obtain system privileges and modify the system configuration by executin...

8.8CVSS7.2AI score0.00583EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.12 views

The vulnerability of the System Settings component in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the System Settings component in macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

4CVSS5.4AI score0.00236EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/07/17 12:45 p.m.25 views

CVE-2025-5344

CVE-2025-5344 affects Bluebird devices with a pre-loaded kiosk application exposing an unsecured AIDL-type service, com.bluebird.kiosk.launcher.IpartnerKioskRemoteService . A local attacker can bind this service to modify the device’s global settings and wallpaper. The issue affects all versions ...

8.5CVSS6.9AI score0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/17 12:45 p.m.4 views

CVE-2025-5344 Exposed AIDL service allowing for tampering of system secure settings in Bluebird kiosk application

Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects a...

8.5CVSS6.9AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder