Lucene search
K

4 matches found

Veracode
Veracode
added 2025/12/04 4:43 a.m.6 views

Insecure Direct Object Reference (IDOR)

com.liferay, com.liferay.change.tracking.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the AccountEntriesAdminPortlet’s addressId parameter, which allows an attacker to access addresses belonging to other accounts by manipulatin...

5.3CVSS6.6AI score0.00273EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.4 views

PT-2025-41803

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.4 through 7.4.3.111 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay Portal versions 7.4 GA through update 92 Description An Insecure Direct Object Referenc...

5.3CVSS6.4AI score0.00273EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.3CVSS6.4AI score0.00273EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/01/26 1:0 a.m.19 views

"2.6 million DuoLingo account entries" up for sale

Not a week goes by where we dont see an example of data scraping causing concern for both business and folks at home. The latest target happens to be popular language platform DuoLingo, who is currently digging into a forum post concerning data related to its customer accounts. Scraping data for...

6.9AI score
Exploits0
Rows per page
Query Builder