PT-2025-40037

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

CVE-2025-43813

Summary (CVE-2025-43813) : Liferay Portal (ComboServlet) is vulnerable to path traversal in affected versions (Portal 7.4.0–7.4.3.107, older unsupported; Liferay DXP 2023.Q3/Q4 series; related 7.4/7.3 GA updates). The flaw allows remote attackers to access arbitrary CSS/JS files and load them rep...

Liferay Portal和Liferay DXP 路径遍历漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVE-2025-58980

Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through = 4.1.0...

Linux Distros Unpatched Vulnerability : CVE-2015-5826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets CSS document is required to have the text/css content type,...

Linux Distros Unpatched Vulnerability : CVE-2011-3443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service hea...

Linux Distros Unpatched Vulnerability : CVE-2014-4465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style...

Linux Distros Unpatched Vulnerability : CVE-2011-1691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets CSS implementation in WebCore in WebKit before r82222, as used i...

Linux Distros Unpatched Vulnerability : CVE-2011-0161

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the...

Linux Distros Unpatched Vulnerability : CVE-2010-3822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during...

Linux Distros Unpatched Vulnerability : CVE-2010-3819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an...

Linux Distros Unpatched Vulnerability : CVE-2011-3885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

CVE-2025-58980

CVE-2025-58980 describes a Missing Authorization vulnerability in the WordPress plugin Export WP Page to Static HTML/CSS , affecting versions from n/a up to and including 4.1.0 . Root cause: lack of proper authorization checks allows accessing functionality not constrained by ACLs. Impact: unauth...

PT-2025-36801

Name of the Vulnerable Software and Affected Versions: Export WP Page to Static HTML/CSS versions n/a through 4.1.0 Description: A missing authorization issue exists in Export WP Page to Static HTML/CSS, allowing access to functionality not properly constrained by Access Control Lists ACLs...

Malicious code in gravity-optimize-css-assets-webpack-plugin-selenium-rollup-plugin (npm)

The package gravity-optimize-css-assets-webpack-plugin-selenium-rollup-plugin was found to contain malicious code...

Malicious code in optimize-css-assets-webpack-plugin-astrophysics-mechatronics-brane (npm)

The package optimize-css-assets-webpack-plugin-astrophysics-mechatronics-brane was found to contain malicious code...

MAL-2025-45092 Malicious code in magnetosphere-dotenv-safe-optimize-css-assets-webpack-plugin-mineralogy (npm)

The package magnetosphere-dotenv-safe-optimize-css-assets-webpack-plugin-mineralogy was found to contain malicious code...

MAL-2025-43788 Malicious code in chromedriver-css-minimizer-webpack-plugin-petrology-on (npm)

The package chromedriver-css-minimizer-webpack-plugin-petrology-on was found to contain malicious code...