EUVD-2025-24041

Malicious code in bioql PyPI...

Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of user-supplied URLs in the portal-settings-authentication-opensso-web component. An unauthenticated attacker can cause the server to initiate arbitrary HTTP requests to internal...

VulnCheck KEV: CVE-2025-4581

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the...

Unspecified Vulnerability in Oracle Fusion Middleware OpenSSO Component

Oracle OpenSSO is the United States Oracle Oracle a single sign-on SSO open source implementation , it is deployed in a variety of different Web or application servers on the Web application to provide centralized authentication capabilities . A security vulnerability exists in the OpenSSO Web...

CVE-2015-0451

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...

Buffer overflow

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents...