Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/04/29 9:44 p.m.37 views

Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...

4.9CVSS5.7AI score0.00322EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/29 9:44 p.m.6 views

GHSA-G8P8-94F2-28GR Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...

4.9CVSS5.9AI score0.00322EPSS
Exploits0References4
HackRead
HackRead
added 2026/01/09 8:20 p.m.8 views

Why AI-Powered Cyber Defense Is No Longer Optional for Modern Businesses

Large businesses or governments aren't the only ones threatened by cyber attacks. Every organization is now equally threatened.…...

7AI score
Exploits0
Veracode
Veracode
added 2025/10/23 9:5 a.m.5 views

Improper Authorization

com.liferay, com.liferay.organizations.item.selector.web is vulnerable to an improper authorization. The vulnerability is due to the organization selector not checking user permissions, which allows an attacker to obtain a list of all organizations...

5.3CVSS6.9AI score0.00244EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/14 2:27 a.m.7 views

CVE-2025-43788

The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations...

5.3CVSS6.8AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/12 2:22 a.m.2 views

CVE-2025-43788

The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations...

5.3CVSS6.3AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.5 views

PT-2025-37277

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.124 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 7.4 update 81 through update 85 Description: The organization selector does not verify user permissions, potentially allowi...

5.3CVSS6.4AI score0.00244EPSS
Exploits0References8
OSV
OSV
added 2023/08/02 12:30 p.m.2 views

GHSA-XPH3-VJCQ-G488 Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions

The organization selector before 4.0.14 from Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations...

4.3CVSS4.6AI score0.0043EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2019/12/25 4:44 p.m.10 views

How Organizations Can Defend Against Advanced Persistent Threats

Advanced persistent threats APTs have emerged to be legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data...

5.9AI score
Exploits0
Rows per page
Query Builder