Lucene search
K

357 matches found

Github Security Blog
Github Security Blog
added 2025/10/07 12:31 a.m.8 views

Liferay Profile Widget does not prevent vCard extension spoofing

The Profile Widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

5.4CVSS6.5AI score0.00217EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:31 a.m.21 views

EUVD-2025-32592

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS6.3AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/07 12:31 a.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the Content-Disposition header. An attacker can manipulate the file extension of downloaded vCard files by supplying crafted input, potentially leading to user confusion or further exploitation. Remediation...

5.4CVSS7AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2025/10/07 12:31 a.m.61 views

GHSA-PFXJ-GVQG-MJ44 Liferay Profile Widget does not prevent vCard extension spoofing

The Profile Widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS6.4AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3751

Malware in sbrugna...

4.3CVSS6.4AI score0.01263EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-4762

Malware in sbrugna...

7.5CVSS6.4AI score0.01027EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-6735

Malware in sbrugna...

7.1CVSS6.4AI score0.02529EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6851

Malware in sbrugna...

6.1CVSS6.3AI score0.00886EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-3331

Malware in sbrugna...

7.5CVSS6.4AI score0.02309EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-8360

Malware in sbrugna...

9.8CVSS9.1AI score0.03348EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-5338

Malware in sbrugna...

6.5CVSS6.9AI score0.03268EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-0099

Malware in sbrugna...

5CVSS6.4AI score0.01743EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2004-1821

Malware in sbrugna...

5CVSS6.4AI score0.0241EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-2550

Malware in sbrugna...

7.5CVSS6AI score0.04426EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-4085

Malware in sbrugna...

4.3CVSS6.3AI score0.01728EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-1360

Malware in sbrugna...

5.1CVSS6.3AI score0.04383EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-1234

Malware in sbrugna...

4.3CVSS6.3AI score0.02526EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-1803

Malware in sbrugna...

2.6CVSS6.4AI score0.01797EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-2807

Malware in sbrugna...

6.8CVSS6.4AI score0.01577EPSS
Exploits1References7
OSV
OSV
added 2025/10/06 10:15 p.m.14 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

5.4CVSS6.4AI score0.00217EPSS
Exploits0References1
Rows per page
Query Builder