38 matches found

RedhatCVE
added 2025/11/01 6:55 p.m. | 8 views

CVE-2025-62267

Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

CVSS 6.1 | AI score 5.9 | EPSS 0.00028
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/31 12:0 a.m. | 3 views

PT-2025-44661

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.35 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.10; Liferay Portal versions 7.4 update 35 through update 92. Description: The software contains...

CVSS 6.1 | AI score 6.3 | EPSS 0.00028
Exploits: 0 | References: 14
OSV
added 2025/10/30 12:31 a.m. | 1 views

GHSA-8HW3-GHWV-CRFH Liferay Portal vulnerable to password enumeration

Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers t...

CVSS 6.3 | AI score 7.1 | EPSS 0.00016
Exploits: 0 | References: 7
Positive Technologies
added 2025/10/27 12:0 a.m. | 4 views

PT-2025-44052

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3 GA through update 35; Liferay Portal versions 7.4.0 through 7.4.3.99; Liferay Portal versions 7.4 GA through update 92; Liferay DXP versions 2023.Q3.1 through 2023.Q3.4. Description: The software does not limit the numbe...

CVSS 7.5 | AI score 6.7 | EPSS 0.00169
Exploits: 0 | References: 12
Cvelist
added 2025/10/21 6:12 p.m. | 7 views

CVE-2025-62249

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

CVSS 6.9 | EPSS 0.00025
Exploits: 0 | References: 1
EUVD
added 2025/10/13 6:31 p.m. | 1 views

EUVD-2025-34074

Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key...

CVSS 4.8 | AI score 6.4 | EPSS 0.00047
Exploits: 0 | References: 4
OSV
added 2025/10/13 5:15 p.m. | 3 views

CVE-2025-62244

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...

CVSS 4.3 | AI score 6.4 | EPSS 0.00047
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-27275

Malicious code in bioql PyPI...

CVSS 4.6 | AI score 6.3 | EPSS 0.00044
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-25497

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.6 | EPSS 0.00058
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25620

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.3 | EPSS 0.00141
Exploits: 0 | References: 5
Vulnrichment
added 2025/09/29 9:59 p.m. | 2 views

CVE-2025-43811

Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

CVSS 4.8 | AI score 5 | EPSS 0.00033
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/24 10:28 p.m. | 7 views

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS 5.3 | AI score 6.7 | EPSS 0.00075
Exploits: 0 | References: 1
Snyk
added 2025/09/24 3:30 a.m. | 3 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration in the SpSessionTerminationSamlPortalFilter. An attacker can gain unauthorized access to user accounts by reusing old session tokens via the SLO API, causing the session to be reinitialized when it should...

CVSS 6.5 | AI score 7 | EPSS 0.00064
Exploits: 0 | References: 2
NVD
added 2025/09/24 2:15 a.m. | 4 views

CVE-2025-43819

An Insufficient Session Expiration vulnerability in Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 allows a remote non-authenticated attacker to reuse old...

CVSS 6.5 | EPSS 0.00064
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/24 12:56 a.m. | 3 views

CVE-2025-43779

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via...

CVSS 6.9 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 1
CVE
added 2025/09/19 7:15 p.m. | 12 views

CVE-2025-43809

The CVE-2025-43809 CSRF issue affects Liferay Portal/Liferay DXP, specifically server license registration via the orderUuid parameter. Affected products/versions include Liferay Portal 7.4.0–7.4.3.111 and older unsupported versions, and Liferay DXP 2023.Q4.0–2023.Q4.7, 2023.Q3.1–2023.Q3.9, plus...

CVSS 5.1 | AI score 6.6 | EPSS 0.0001
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2025/09/19 6:50 p.m. | 5 views

CVE-2025-43803

Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...

CVSS 6.9 | EPSS 0.00077
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/17 10:46 p.m. | 4 views

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

CVSS 2.1 | AI score 7 | EPSS 0.00043
Exploits: 0 | References: 1
OSV
added 2025/09/15 9:15 p.m. | 4 views

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1
Cvelist
added 2025/09/09 7:8 p.m. | 7 views

CVE-2025-43786

Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit t...

CVSS 6.9 | EPSS 0.00062
Exploits: 0 | References: 1