EUVD-2025-25497

Malicious code in bioql PyPI...

CVE-2025-43747

A server-side request forgery SSRF vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation i...

CVE-2025-43747

A server-side request forgery SSRF vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation i...

CVE-2025-43747

The CVE-2025-43747 entry documents a server‑side request forgery (SSRF) in Liferay DXP 2025.Q2.0–2025.Q2.3 caused by insecure domain validation on analytics.cloud.domain.allowed, which permits an attacker to craft requests by altering the domain and bypasses the validation mechanism that does not...

PT-2025-34298 · Liferay · Liferay Dxp

Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2025.Q2.0 through 2025.Q2.3 Description: A server-side request forgery SSRF vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing...

Liferay DXP 代码问题漏洞

Liferay DXP is a suite of digital experience collaboration platforms from Liferay USA. A code issue vulnerability exists in Liferay DXP versions 2025.Q2.0 through 2025.Q2.3, which stems from insecure validation of analytics.cloud.domain.allowed domain names, which could lead to a server-side...