233 matches found
EUVD-2025-25620
Malicious code in bioql PyPI...
EUVD-2025-14250
Malicious code in bioql PyPI...
Unauthorized Access
Liferay Portal is vulnerable to Unauthorized Access. The vulnerability is due to improper access control because unauthenticated users guests can access files uploaded by object entries and stored in documentlibrary via direct URL...
Denial Of Service (DoS)
Liferay Portal is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on file uploads through forms, which are stored in the documentlibrary, allowing an attacker to upload unlimited files and cause a potential DDoS...
com.liferay:com.liferay.calendar.service (>=2.2.0 <=2.5.7), com.liferay:com.liferay.document.library.service (>=1.0.0 <=2.0.6) +10 more potentially affected by CVE-2025-43804 via com.liferay:com.liferay.portal.search (>=1.0.0 <=8.0.113)
com.liferay:com.liferay.portal.search MAVEN version =1.0.0, =2.2.0, =1.0.0, =1.1.29, =1.1.0, =1.0.0, =1.0.10, =3.4.9, =1.0.0, =2.0.5, =1.0.0, =1.2.2, =2.1.2, =2.1.11 Source cves: CVE-2025-43804 Source advisory: OSV:GHSA-CCRC-5VP5-VP5J...
Denial Of Service (DoS)
com.liferay.portal, release.portal.bom are vulnerable to Denial Of Service DoS. The vulnerability is due to allowing unlimited file uploads through object entries attachment fields, which are stored in the documentlibrary, allowing an attacker to cause a potential Denial-of-Service DDoS attack...
Improper Access Control
com.liferay.portal, release.portal.bom is vulnerable to Improper Access Control. The vulnerability is due to insufficient access restrictions on files uploaded via forms and stored in the documentlibrary, which allows an attacker to directly access these files through crafted URLs without...
CVE-2025-43762
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43758
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
CVE-2025-43752
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties files uploaded by object entry and stored in documentlibrary, via URL. Remediation Upgrade com.liferay:com.liferay.object.dynamic.data.mapping.form.field.type to version 1.0.65 or...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties files uploaded by object entry and stored in documentlibrary, via URL. Remediation Upgrade com.liferay:com.liferay.object.web to version 1.0.219 or higher. References - GitHub Commit -...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties files uploaded by object entry and stored in documentlibrary, via URL. Remediation Upgrade com.liferay:com.liferay.frontend.js.web to version 5.0.125 or higher. References - GitHub...
GHSA-MM62-GWJ5-J285 Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
Liferay Portal users can upload an unlimited amount of files
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
GHSA-84PP-QR92-95C9 Liferay Portal users can upload an unlimited amount of files
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43762
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...
CVE-2025-43758
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...
CVE-2025-43758
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users guests to access via URL files...