17 matches found
Liferay Portal and Liferay DXP Cross-Site Request Forgery Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...
Liferay Portal and Liferay DXP Path Traversal Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-43817
Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the redirect...
Linux Distros Unpatched Vulnerability : CVE-2024-23790
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue...
PT-2025-1435 · Unknown · Synnefo Internet Management
Name of the Vulnerable Software and Affected Versions: Synnefo Internet Management Software versions 2023 and earlier Description: A SQL injection issue exists due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2024-44818
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP Referer header of the caina.php component...
CVE-2024-44817
SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component...
PT-2024-31265 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: The issue allows a remote attacker to obtain sensitive information via the HTTP Referer header of the caina.php component. This is a Cross Site Scripting vulnerability, which enables the attacker t...
PT-2024-20106 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow versions 2023-12a and prior Description: The application is vulnerable to a pixel flood attack. Once the payload has been successfully uploaded in the logo, the application becomes slow and unresponsive in the admin page...
PT-2023-27819 · Autodesk · Autodesk Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD versions 2023 through 2024 Description: A maliciously crafted STP file can be used to dereference an untrusted pointer when parsed through the affected software. This issue could lead to code execution in the current process...
PT-2023-5578 · Autodesk · Autodesk Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD versions 2023 through 2024 Description: A maliciously crafted PRT file can cause a Heap-Based Buffer Overflow when parsed through Autodesk AutoCAD. This issue can be leveraged by a malicious actor to cause a crash, read...
PT-2023-5413 · Autodesk · Autodesk Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD versions 2023 through 2024 Description: The issue is related to a memory corruption vulnerability when parsing certain file types, including SLDASM, MODEL, SAT, and CATPART files. This vulnerability can be exploited to execut...
CVE-2023-2763
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while...
Autodesk AutoCAD Buffer Error Vulnerability
Autodesk AutoCAD is a suite of professional 3D drawing software from the US-based Autodesk Corporation. Autodesk AutoCAD suffers from a buffer error vulnerability that stems from the fact that parsing a maliciously crafted XB file may force a read beyond the allocated boundaries. This...