CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

644 matches found

NVD•added 2025/10/23 2:15 p.m.•2 views

CVE-2025-62256

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...

6.9CVSS0.00016EPSS

Exploits0References1

OSV•added 2025/10/23 2:15 p.m.•3 views

CVE-2025-62256

5.3CVSS6.4AI score0.00016EPSS

Exploits0References1

CVE•added 2025/10/23 1:41 p.m.•9 views

CVE-2025-62256

Connected documents describe DNS rebinding vulnerabilities affecting Liferay Portal 7.4.0–7.4.3.119 and various Liferay DXP versions (e.g., 2023.Q3.1–2023.Q4.10, 2024.Q1.1–2024.Q1.5, 7.4 GA through update 92). Problems allow remote attackers to redirect users to arbitrary URLs by abusing redirect...

6.9CVSS6.4AI score0.00016EPSS

Exploits0References1Affected Software2

Cvelist•added 2025/10/23 1:41 p.m.•6 views

CVE-2025-62256

6.9CVSS0.00016EPSS

Exploits0References1

Positive Technologies•added 2025/10/23 12:0 a.m.•3 views

PT-2025-43515

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4.0 through 7.4.3.109 Liferay DXP versions 2023.Q3.1 through 2023.Q3.7 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 older...

6.9CVSS6.6AI score0.00043EPSS

Exploits0References18

IBM Security Bulletins•added 2025/10/20 8:6 p.m.•5 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. These vulnerabilities have been addressed in the update. Vulnerability Details CVEID:CVE-2025-30153 DESCRIPTION: kin-openapi is a Go project for handling OpenAPI...

7.5CVSS6.2AI score0.00392EPSS

Exploits4Affected Software1

RedhatCVE•added 2025/10/11 7:20 p.m.•4 views

CVE-2025-11581

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...

7.5CVSS6.7AI score0.00037EPSS

Exploits0References1

OSV•added 2025/10/10 9:31 p.m.•3 views

GHSA-9WQ6-87HW-6MHC PowerJob OpenAPIController is missing authorization

6.9CVSS6.9AI score0.00037EPSS

Exploits0References6

Github Security Blog•added 2025/10/10 9:31 p.m.•7 views

PowerJob OpenAPIController is missing authorization

7.5CVSS5.5AI score0.00037EPSS

Exploits0References6Affected Software1

Snyk•added 2025/10/10 7:41 p.m.•15 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via multiple APIs in OpenAPIController. An attacker can gain unauthorized access to sensitive information by sending crafted requests to the endpoints. Remediation There is no fixed version for...

7.5CVSS6.8AI score0.00037EPSS

Exploits0References2

NVD•added 2025/10/10 7:15 p.m.•3 views

CVE-2025-11581

7.5CVSS0.00037EPSS

Exploits0References5

OSV•added 2025/10/10 7:15 p.m.•3 views

CVE-2025-11581

7.5CVSS5.3AI score

Exploits0References5

Positive Technologies•added 2025/10/10 12:0 a.m.•5 views

PT-2025-41589

Name of the Vulnerable Software and Affected Versions PowerJob versions through 5.1.2 Description A security issue has been identified in PowerJob. The problem relates to missing authorization within the /openApi/runJob file of the OpenAPIController component. This allows for remote attacks. The...

6.9CVSS5.4AI score0.00037EPSS

Exploits0References7