Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25501

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00131EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/11 9:34 a.m.6 views

Cross-Site Request Forgery (CSRF)

com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient CSRF protection for omni-administrator users, which allows an attacker to execute unauthorized actions on behalf of the affected user...

7.1CVSS7.2AI score0.00131EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/22 2:31 p.m.4 views

CVE-2025-43748

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS7.6AI score0.00131EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/20 3:31 p.m.1 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via insufficient protection for omni-administrator users. An attacker can perform unauthorized actions on behalf of authenticated users by tricking them into submitting malicious requests. Remediation...

7.1CVSS6.9AI score0.00131EPSS
Exploits0References2
OSV
OSV
added 2025/08/20 3:31 p.m.6 views

GHSA-P9GC-59HF-X48P Liferay Portal Vulnerable to Cross-Site Request Forgery

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS6.8AI score0.00131EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/20 3:31 p.m.10 views

Liferay Portal Vulnerable to Cross-Site Request Forgery

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS7.5AI score0.00131EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/08/20 3:15 p.m.6 views

CVE-2025-43748

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

6.8CVSS7AI score0.00131EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 3:15 p.m.7 views

CVE-2025-43748

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 2:28 p.m.3 views

CVE-2025-43748

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS7.5AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 2:28 p.m.10 views

CVE-2025-43748

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS0.00131EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/08/20 2:28 p.m.5 views

CVE-2025-43748

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.7 views

PT-2025-34064

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.0.0 through 7.4.3.119 Liferay DXP versions 2023.Q3.1 through 2023.Q4.9 Liferay DXP versions 2024.Q1.1 through 2024.Q1.6 Description: The application lacks sufficient Cross-Site Request Forgery CSRF protection for...

7.1CVSS6.5AI score0.00131EPSS
Exploits0References9
Rows per page
Query Builder