1895 matches found
UBUNTU-CVE-2022-50319
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...
CVE-2022-50319
CVE-2022-50319 affects the Linux kernel’s coresight/trbe path. The vulnerability stems from cpuhp_state_add_instance() and cpuhp_state_remove_instance() not being used in proper pairs, which can trigger a warning in cpuhp_remove_multi_state() due to a non-empty cpuhp_step list, potentially leavin...
CVE-2022-50319 coresight: trbe: remove cpuhp instance node before remove cpuhp state
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...
CVE-2022-50319 coresight: trbe: remove cpuhp instance node before remove cpuhp state
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...
Liferay Portal has stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attacke...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the "CDN Host HTTP" or "CDN Host HTTPS" text fields in the Instance Configuration. An attacker can execute arbitrary web scripts in the context of all pages by injecting a crafted payload into these fields...
GHSA-R45V-2289-JGR4 Liferay Portal has stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attacke...
CVE-2025-43794
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...
CVE-2025-43794
Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...
Weakly Supervised Vulnerability Localization Via Multiple Instance Learning
Software vulnerability detection has emerged as a significant concern in the field of software security recently, capturing the attention of numerous researchers and developers. Most previous approaches focus on coarse-grained vulnerability detection, such as at the function or file level. Howeve...
CVE-2025-43790
Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...
Open Redirect
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect in the handling of the SystemSettingsPortlet.redirect, InstanceSettingsPortlet.redirect, and SiteSettingsPortlet.redirect parameters. An attacker can...
GHSA-M55R-9FX8-725J Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect
An open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs vi...
Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect
An open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs vi...
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...
CVE-2025-43795
CVE-2025-43795: Open redirect vulnerabilities in Liferay Portal/DXP SystemSettingsPortlet, InstanceSettingsPortlet and SiteSettingsPortlet redirects (com_liferay_configuration_admin_web_portlet *_redirect). Affected: Liferay Portal 7.1.0–7.4.3.101; Liferay DXP 2023.Q3.1–2023.Q3.4; 7.4 GA up to up...
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...