Lucene search
K

233 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25620

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00298EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14250

Malicious code in bioql PyPI...

7.5CVSS3.8AI score0.00589EPSS
Exploits1References6
Veracode
Veracode
added 2025/09/20 6:28 a.m.5 views

Unauthorized Access

Liferay Portal is vulnerable to Unauthorized Access. The vulnerability is due to improper access control because unauthenticated users guests can access files uploaded by object entries and stored in documentlibrary via direct URL...

5.3CVSS7AI score0.00298EPSS
Exploits0References6Affected Software3
Veracode
Veracode
added 2025/09/19 12:33 p.m.5 views

Denial Of Service (DoS)

Liferay Portal is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on file uploads through forms, which are stored in the documentlibrary, allowing an attacker to upload unlimited files and cause a potential DDoS...

6.5CVSS6.7AI score0.00355EPSS
Exploits0References5Affected Software2
vulnersOsv
vulnersOsv
added 2025/09/17 12:31 a.m.7 views

com.liferay:com.liferay.calendar.service (>=2.2.0 <=2.5.7), com.liferay:com.liferay.document.library.service (>=1.0.0 <=2.0.6) +10 more potentially affected by CVE-2025-43804 via com.liferay:com.liferay.portal.search (>=1.0.0 <=8.0.113)

com.liferay:com.liferay.portal.search MAVEN version =1.0.0, =2.2.0, =1.0.0, =1.1.29, =1.1.0, =1.0.0, =1.0.10, =3.4.9, =1.0.0, =2.0.5, =1.0.0, =1.2.2, =2.1.2, =2.1.11 Source cves: CVE-2025-43804 Source advisory: OSV:GHSA-CCRC-5VP5-VP5J...

6.1CVSS5.8AI score0.00216EPSS
Exploits0
Veracode
Veracode
added 2025/09/16 6:19 a.m.6 views

Denial Of Service (DoS)

com.liferay.portal, release.portal.bom are vulnerable to Denial Of Service DoS. The vulnerability is due to allowing unlimited file uploads through object entries attachment fields, which are stored in the documentlibrary, allowing an attacker to cause a potential Denial-of-Service DDoS attack...

6.5CVSS6.8AI score0.00288EPSS
Exploits0References7Affected Software2
Veracode
Veracode
added 2025/09/11 11:8 a.m.2 views

Improper Access Control

com.liferay.portal, release.portal.bom is vulnerable to Improper Access Control. The vulnerability is due to insufficient access restrictions on files uploaded via forms and stored in the documentlibrary, which allows an attacker to directly access these files through crafted URLs without...

5.3CVSS6.6AI score0.00245EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2025/08/24 7:26 p.m.7 views

CVE-2025-43762

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

5.3CVSS6.9AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/24 6:28 p.m.6 views

CVE-2025-43758

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS7.1AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.5 views

CVE-2025-43752

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

5.3CVSS6.9AI score0.00288EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/22 9:31 p.m.4 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties files uploaded by object entry and stored in documentlibrary, via URL. Remediation Upgrade com.liferay:com.liferay.object.dynamic.data.mapping.form.field.type to version 1.0.65 or...

5.3CVSS6.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/22 9:31 p.m.2 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties files uploaded by object entry and stored in documentlibrary, via URL. Remediation Upgrade com.liferay:com.liferay.object.web to version 1.0.219 or higher. References - GitHub Commit -...

5.3CVSS6.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/22 9:31 p.m.1 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties files uploaded by object entry and stored in documentlibrary, via URL. Remediation Upgrade com.liferay:com.liferay.frontend.js.web to version 5.0.125 or higher. References - GitHub...

5.3CVSS6.9AI score0.00298EPSS
Exploits0References2
OSV
OSV
added 2025/08/22 9:31 p.m.2 views

GHSA-MM62-GWJ5-J285 Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS6AI score0.00298EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/08/22 9:31 p.m.9 views

Liferay Portal users can upload an unlimited amount of files

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

6.5CVSS6.8AI score0.00355EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/08/22 9:31 p.m.7 views

Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS7AI score0.00298EPSS
Exploits0References6Affected Software3
OSV
OSV
added 2025/08/22 9:31 p.m.4 views

GHSA-84PP-QR92-95C9 Liferay Portal users can upload an unlimited amount of files

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

5.3CVSS5.9AI score0.00355EPSS
Exploits0References5
NVD
NVD
added 2025/08/22 7:15 p.m.6 views

CVE-2025-43762

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

6.5CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 2025/08/22 7:15 p.m.4 views

CVE-2025-43758

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS0.00298EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 7:15 p.m.4 views

CVE-2025-43758

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...

5.3CVSS5.8AI score0.00298EPSS
Exploits0References1
Rows per page
Query Builder