CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2026/03/11 12:26 a.m.•2 views

EUVD-2026-11255

Parse Server vulnerable to SQL injection via Increment operation on nested object field in PostgreSQL...

9.3CVSS5.8AI score0.00042EPSS

Exploits0References3

Snyk•added 2026/02/05 8:51 p.m.•1 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafted SQL statements. Note: This is only exploitable if a Drizzle-based...

9.8CVSS5.8AI score0.00039EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-29429

Malicious code in bioql PyPI...

6.6AI score

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-27275

Malicious code in bioql PyPI...

4.6CVSS6.3AI score0.00044EPSS

Exploits0References1

Github Security Blog•added 2025/09/15 9:30 p.m.•5 views

Liferay Portal Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

6.1CVSS6AI score0.00044EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2025/09/09 3:31 p.m.•5 views

Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting

A stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA...

5.4CVSS6.1AI score0.00044EPSS

Exploits0References4Affected Software3

NVD•added 2025/09/09 3:15 p.m.•7 views

CVE-2025-43776

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA...

5.4CVSS0.00044EPSS

Exploits0References1

Vulnrichment•added 2025/09/09 2:18 p.m.•1 views

CVE-2025-43776

4.6CVSS5.3AI score0.00044EPSS

Exploits0References1

CVE•added 2025/09/09 2:18 p.m.•11 views

CVE-2025-43776

CVE-2025-43776 is a stored cross-site scripting vulnerability in Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–Q2.9 (plus earlier 2024 Q1–Q4 releases) where an authenticated attacker can inject JavaScript via the Custom Object field label. The malicious payload is stored and executed v...

5.4CVSS5.3AI score0.00044EPSS

Exploits0References1Affected Software2

RedhatCVE•added 2025/05/22 11:57 p.m.•4 views

CVE-2022-42115

Cross-site scripting XSS vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text field...

5.4CVSS5.8AI score0.002EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by