15 matches found

Cvelist
added 2026/04/21 12:0 a.m. · 25 views

CVE-2026-31019

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

EPSS: 0.00119
Exploits: 0 · References: 2

EUVD
added 2025/10/28 12:31 a.m. · 2 views

EUVD-2025-36374

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

CVSS: 6.9 · AI score: 6.5 · EPSS: 0.00057
Exploits: 0 · References: 2

NVD
added 2025/10/27 11:15 p.m. · 6 views

CVE-2025-62259

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

CVSS: 6.9 · EPSS: 0.00057
Exploits: 0 · References: 1

OSV
added 2025/10/27 11:15 p.m. · 1 views

CVE-2025-62259

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

CVSS: 5.4 · AI score: 6.9 · EPSS: 0.00057
Exploits: 0 · References: 1

Cvelist
added 2025/10/27 10:13 p.m. · 4 views

CVE-2025-62259

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

CVSS: 6.9 · EPSS: 0.00057
Exploits: 0 · References: 1

CVE
added 2025/10/27 10:13 p.m. · 9 views

CVE-2025-62259

CVE-2025-62259 affects Liferay Portal and Liferay DXP where API access is not restricted until email verification, enabling remote modification of content via API in affected releases (e.g., Portal 7.4.0–7.4.3.109; DXP 2023.Q3.1–2023.Q3.4; GA/update chains up to 7.4 GA update 92 and 7.3 GA update...

CVSS: 6.9 · AI score: 6.6 · EPSS: 0.00057
Exploits: 0 · References: 1 · Affected Software: 2

RedhatCVE
added 2025/09/17 8:52 p.m. · 2 views

CVE-2025-43799

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, whi...

CVSS: 6.9 · AI score: 6.9 · EPSS: 0.00073
Exploits: 0 · References: 1

OSV
added 2025/09/15 9:30 p.m. · 2 views

GHSA-43XF-59VR-G4F2 Liferay Portal Uses Default Password

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, whi...

CVSS: 6.9 · AI score: 7 · EPSS: 0.00073
Exploits: 0 · References: 3

OSV
added 2025/09/15 9:15 p.m. · 2 views

CVE-2025-43799

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, whi...

CVSS: 6.5 · AI score: 6.9 · EPSS: 0.00073
Exploits: 0 · References: 1

CVE
added 2025/09/15 8:19 p.m. · 11 views

CVE-2025-43799

CVE-2025-43799 affects Liferay Portal 7.4.0–7.4.3.111 (and older unsupported versions) and Liferay DXP 2023.Q4.0, 2023.Q3.1–3.4, 7.4 GA up to update 92, and 7.3 GA up to update 35. The issue: APIs may be accessible before a user changes their initial password, allowing remote users to access and ...

CVSS: 6.9 · AI score: 6.6 · EPSS: 0.00073
Exploits: 0 · References: 1 · Affected Software: 2

CNNVD
added 2025/09/15 12:0 a.m. · 2 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS: 6.9 · AI score: 6.4 · EPSS: 0.00073
Exploits: 0 · References: 2

Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-20170 · Unknown · @Backstage/Plugin-Catalog-Backend +2

Name of the Vulnerable Software and Affected Versions: @backstage/catalog-model versions prior to 1.2.0; @backstage/core-components versions prior to 0.12.4; @backstage/plugin-catalog-backend versions prior to 1.7.2. Description: This issue allows a malicious actor with access to add or modify conte...

CVSS: 6.8 · AI score: 5.7 · EPSS: 0.0071
Exploits: 0 · References: 6

OSV
added 2021/08/12 6:8 p.m. · 1 views

DRUPAL-CORE-2021-005

The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content even without...

AI score: 6.1
Exploits: 0 · References: 1

CNVD
added 2020/12/11 12:0 a.m. · 1 views

Unauthorized Access Vulnerability in Phisung House Website Building System

Phaethon House is an online notebook for operators and maintainers. An unauthorized access vulnerability exists in the Phaidon House builder system, which can be exploited by an attacker to arbitrarily edit site content...

AI score: 6.8
Exploits: 0

OSV
added 2020/03/19 6:15 p.m. · 1 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.00226
Exploits: 1 · References: 1