Lucene search
K

49 matches found

CVE
CVE
added 2025/11/01 2:42 a.m.13 views

CVE-2025-62275

CVE-2025-62275 affects Liferay Portal 7.4.0–7.4.3.111 and older unsupported versions, and Liferay DXP 2023.Q3–2023.Q4, where images in blog entries bypass permission checks via crafted URLs. The issue stems from missing permission verification in image access within BlogsItemSelectorViewDisplayCo...

6.9CVSS6.5AI score0.00267EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2025/10/31 6:31 p.m.6 views

EUVD-2025-37387

Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter...

5.1CVSS5.7AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 6:15 p.m.4 views

CVE-2025-62266

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

6.1CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/28 12:31 a.m.6 views

EUVD-2025-36377

Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows remote attackers to perform denial-of-servi...

7.1CVSS6.5AI score0.00351EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/28 12:31 a.m.5 views

EUVD-2025-36360

Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to...

6.9CVSS6.4AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.3 views

PT-2025-44029

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.7 through 7.4.3.103 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 GA through update 92 Liferay Portal 7.3 service pack 3 through update 36 Description The software contains multiple cross-site...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.5 views

PT-2025-43572

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.5 Liferay DXP versions 2023.Q4.0 through 2023.Q4.2 Liferay Portal 7.4 GA through update 92...

7.5CVSS6.6AI score0.00508EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/13 6:31 p.m.6 views

EUVD-2025-34073

Liferay Publications is vulnerable to Incorrect Authorization...

5.3CVSS6.5AI score0.0022EPSS
Exploits0References5
OSV
OSV
added 2025/10/08 1:15 p.m.5 views

CVE-2025-43821

Cross-site scripting XSS vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/03 9:16 p.m.3 views

CVE-2025-43825

A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA...

4.6CVSS6.4AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28007

Malicious code in bioql PyPI...

2.3CVSS6.3AI score0.00196EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27431

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/30 10:46 p.m.9 views

CVE-2025-43820

Multiple cross-site scripting XSS vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allo...

4.8CVSS5.9AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/30 10:46 p.m.10 views

CVE-2025-43817

Multiple reflected cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the redirect...

4.8CVSS6AI score0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.8 views

PT-2025-40020

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.117 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.10 Liferay DXP versions 2024.Q1.1 through 2024.Q1.5 Liferay Portal 7.4 GA through update 92 Older...

5.3CVSS6.5AI score0.00269EPSS
Exploits0References11
OSV
OSV
added 2025/09/29 11:15 p.m.7 views

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

8.2CVSS7.1AI score0.00464EPSS
Exploits0References1
OSV
OSV
added 2025/09/25 9:30 p.m.3 views

GHSA-HRQM-QPW9-W8RV Liferay Portal and DXP vulnerable to a memory leak

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions...

6.9CVSS6.9AI score0.00312EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.7 views

PT-2025-39451

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.119 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2024.Q4.10 Liferay DXP versions 2024.Q1.1 through 2024.Q1.5 Liferay versions 7.4 GA through update 92 Olde...

6.9CVSS6.6AI score0.00312EPSS
Exploits0References8
CVE
CVE
added 2025/09/24 12:56 a.m.16 views

CVE-2025-43779

CVE-2025-43779 is a reflected XSS in Liferay Portal 7.4.0–7.4.3.112 and Liferay DXP 2024.Q1.1–2024.Q1.18, plus 7.4 GA through update 92. An authenticated remote attacker can inject and reflect JavaScript via the parameter _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinition...

6.9CVSS5.6AI score0.00216EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2025/09/19 7:15 p.m.5 views

CVE-2025-43803

Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...

4.3CVSS6.9AI score0.00257EPSS
Exploits0References1
Rows per page
Query Builder