Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

Summary A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. Impact An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized...

GHSA-M4HG-46PW-6MMV Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter

Multiple reflected cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the redirect...

Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter

Multiple reflected cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the redirect...

CVE-2025-30365

creationtimestamp| type| source ---|---|--- 2025-03-27 17:40:30+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llettmrgml2u 2025-03-27 19:09:51+00:00| seen| https://t.me/cvedetector/21319...

CVE-2025-30361

creationtimestamp| type| source ---|---|--- 2025-03-27 17:40:27+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llettkhw7r2v 2025-03-27 19:09:44+00:00| seen| https://t.me/cvedetector/21315...

CVE-2025-2000

creationtimestamp| type| source ---|---|--- 2025-03-14 13:48:26+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114161097463600507 2025-03-14 13:55:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkdra5uxik26 2025-03-14 14:40:21+00:00| seen|...