CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1895 matches found

Vulnrichment•added 2025/09/12 7:55 p.m.•2 views

CVE-2025-43795

Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...

5.1CVSS6.6AI score0.00058EPSS

Exploits0References1

Positive Technologies•added 2025/09/12 12:0 a.m.•2 views

PT-2025-37346

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.101 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal 7.4 GA through update 92 Liferay Portal 7.3 GA through update 35 Older unsupported versions Description: An open redirect issue...

6.1CVSS6.5AI score0.00058EPSS

Exploits0References11

OSV•added 2025/09/11 6:35 p.m.•1 views

GHSA-5WXC-3JFW-W94P Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass

An Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

7.4CVSS6.4AI score0.00093EPSS

Exploits0References5

Snyk•added 2025/09/11 6:35 p.m.•2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper access control in the getValue for objects. An attacker can gain unauthorized access to, create, edit, or relate data and object entries or definitions across different virtu...

8.1CVSS6.8AI score0.00093EPSS

Exploits0References2

Github Security Blog•added 2025/09/11 6:35 p.m.•4 views

Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass

8.1CVSS6.5AI score0.00093EPSS

Exploits0References5Affected Software1

NVD•added 2025/09/11 6:15 p.m.•1 views

CVE-2025-43790

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

8.1CVSS0.00093EPSS

Exploits0References1

OSV•added 2025/09/11 6:15 p.m.•0 views

CVE-2025-43790

8.1CVSS6.7AI score0.00093EPSS

Exploits0References1

Cvelist•added 2025/09/11 5:54 p.m.•4 views

CVE-2025-43790

7.4CVSS0.00093EPSS

Exploits0References1

Vulnrichment•added 2025/09/11 5:54 p.m.•1 views

CVE-2025-43790

7.4CVSS6.4AI score0.00093EPSS

Exploits0References1

CVE•added 2025/09/11 5:54 p.m.•11 views

CVE-2025-43790

CVE-2025-43790 is an IDOR vulnerability in Liferay Portal 7.4.0–7.4.3.124 and Liferay DXP 2024.Q2.0–2024.Q2.6, 2024.Q1.1–2024.Q1.12, and 7.4 GA through update 92. The issue allows remote authenticated users to move from one virtual instance to access, create, edit, or relate data/definitions in a...

8.1CVSS6.4AI score0.00093EPSS

Exploits0References1Affected Software2

RedhatCVE•added 2025/09/11 12:16 a.m.•4 views

CVE-2025-43763

A server-side request forgery SSRF vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment fields. This flaw...

4.8CVSS6.8AI score0.00053EPSS

Exploits0References1

Tenable Nessus•added 2025/09/10 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2016-3824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not...

7.8CVSS7.8AI score0.00023EPSS

Exploits0References2

Vulnrichment•added 2025/09/08 11:24 p.m.•1 views

CVE-2025-43763

4.8CVSS6.4AI score0.00053EPSS

Exploits0References1

Positive Technologies•added 2025/09/08 12:0 a.m.•3 views

PT-2025-36527

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.20 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

4.8CVSS6.5AI score0.00053EPSS

Exploits0References11

Veracode•added 2025/09/04 9:13 a.m.•2 views

Improper Access Control

github.com/aws/amazon-ecs-agent is vulnerable to improper access control. The vulnerability is due to the introspection server being accessible off-host under certain security group configurations, which allows an attacker from another instance to gain unauthorized access to the server...

5.3CVSS6.8AI score0.00061EPSS

Exploits0References4Affected Software1

Microsoft CVE•added 2025/09/03 10:8 p.m.•2 views

scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

...

4.7CVSS7AI score0.00014EPSS

Exploits0

NVD•added 2025/09/01 6:15 p.m.•1 views

CVE-2025-3586

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 Liferay PaaS, and Liferay Self-Hosted, the Objects module does not restrict the use of Groovy scripts in Object...

7.5CVSS0.00542EPSS

Exploits0References1

OSV•added 2025/09/01 6:15 p.m.•2 views

CVE-2025-3586

7.2CVSS7.8AI score0.00542EPSS

Exploits0References1

Cvelist•added 2025/09/01 6:7 p.m.•4 views

CVE-2025-3586

7.5CVSS0.00542EPSS

Exploits0References1