GHSA-5WXC-3JFW-W94P Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass

An Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass

An Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name

An Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVE-2025-43790

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

CVE-2025-43790

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

CVE-2025-43782

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVE-2025-43782

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

CVE-2025-43790

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate...

CVE-2025-43790

CVE-2025-43790 is an IDOR vulnerability in Liferay Portal 7.4.0–7.4.3.124 and Liferay DXP 2024.Q2.0–2024.Q2.6, 2024.Q1.1–2024.Q1.12, and 7.4 GA through update 92. The issue allows remote authenticated users to move from one virtual instance to access, create, edit, or relate data/definitions in a...

CVE-2025-43782

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

PT-2025-37254

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.124 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.6 Description: An Insecure Direct Object Reference IDOR vulnerability exists. This allows remote...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

PT-2025-37252

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.124 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.7 Description: An Insecure Direct Object Reference IDOR vulnerability exists in Liferay Portal an...

CVE-2025-7718 Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover

The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email...

CVE-2025-7718 Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover

The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email...

CVE-2025-52389

An Insecure Direct Object Reference IDOR in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request...

Linux Distros Unpatched Vulnerability : CVE-2020-27742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the...

CVE-2025-52389

An Insecure Direct Object Reference IDOR in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request...

Envasadora H2O Soda Cristal 安全漏洞

Envasadora H2O Soda Cristal is an application from Envasadora H2O, Brazil. A security vulnerability exists in Envasadora H2O Soda Cristal version v40.20.4, which stems from an insecure direct object reference that could lead to the disclosure of sensitive data...