Lucene search
K

16 matches found

Vulnrichment
Vulnrichment
added 2025/12/26 12:0 a.m.4 views

CVE-2025-67015

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/adminaccess1...

6.9AI score0.00407EPSS
Exploits1References2
Veracode
Veracode
added 2025/12/13 4:43 a.m.7 views

Stored Cross-Site Scripting

Liferay Portal and Liferay DXP are vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-controlled input, where the name of a fieldset in Kaleo Forms Admin is stored without proper escaping, allowing an authenticated attacker to persistently...

6.1CVSS5.7AI score0.00209EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27270

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.27 views

EUVD-2023-12493

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00367EPSS
Exploits1References1
Snyk
Snyk
added 2025/09/09 3:30 a.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field in Kaleo Forms Admin. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting a malicious payload that is stored and rendered without proper...

6.1CVSS5.2AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2025/09/09 3:30 a.m.5 views

GHSA-CPG4-QCJ8-42GP Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...

4.8CVSS5.8AI score0.00209EPSS
Exploits0References4
NVD
NVD
added 2025/09/09 2:15 a.m.7 views

CVE-2025-43778

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...

6.1CVSS0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.13 views

PT-2025-36542

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.20 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

4.8CVSS5.6AI score0.00209EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/09/06 2:27 a.m.6 views

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

7.1CVSS7AI score0.00467EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 12:30 p.m.6 views

GHSA-J4FW-4MHR-HC45 Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

7.1CVSS7.1AI score0.00467EPSS
Exploits0References6
NVD
NVD
added 2025/09/04 10:42 a.m.8 views

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

7.1CVSS0.00467EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 1:57 a.m.18 views

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal (7.0.0–7.4.3.4) and Liferay DXP (7.4 GA, 7.3 GA–update 27) is affected by a DoS due to not restricting saving of request parameters in the portlet session. The root cause is unvalidated/unrestricted storage of request data in memory, enabling remote attackers t...

7.1CVSS6.5AI score0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 1:57 a.m.4 views

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

7.1CVSS6.5AI score0.00467EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.7 views

PT-2025-35865

Name of the Vulnerable Software and Affected Versions: Kaleo Forms Admin in Liferay Portal versions 7.0.0 through 7.4.3.4 Kaleo Forms Admin in Liferay DXP versions 7.3 GA through update 27 Kaleo Forms Admin in Liferay DXP version 7.4 GA Older unsupported versions Description: The application does...

7.1CVSS6.6AI score0.00467EPSS
Exploits0References4
CVE
CVE
added 2024/06/06 4:3 p.m.63 views

CVE-2024-37156

CVE-2024-37156 affects SuluFormBundle (Sulu Admin) where the TokenController.get parameter formName is not sanitized in the returned input field, enabling Cross-Site Scripting (XSS). The issue is fixed in version 2.5.3. Mitigation is to upgrade to 2.5.3 or apply the provided patch; no exploit det...

6.1CVSS6AI score0.00292EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/08/16 12:0 a.m.5 views

OpenEMR SQL Injection Vulnerability (CNVD-2018-17198)

OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A SQL injection vulnerability exists in the...

8.8CVSS9.4AI score0.02384EPSS
Exploits1References1
Rows per page
Query Builder