Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28978

Malicious code in bioql PyPI...

7.4CVSS6.4AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25148

Malicious code in bioql PyPI...

6.9CVSS6.3AI score0.00199EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/08/25 3:20 a.m.6 views

CVE-2025-43768

Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin...

5.1CVSS6.7AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.9 views

CVE-2025-3639

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid...

2CVSS6.4AI score0.00469EPSS
Exploits1References1
NVD
NVD
added 2025/08/20 3:15 p.m.7 views

CVE-2025-43748

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...

7.1CVSS0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/19 6:39 p.m.9 views

CVE-2025-43745

A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remo...

6.9CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/08/19 3:50 p.m.20 views

CVE-2025-43738

CVE-2025-43738 : A reflected XSS in Liferay Portal/DXP allows a remote authenticated user to inject JavaScript via the _com_liferay_expando_web_portlet_ExpandoPortlet_displayType parameter. Affected: Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q2.0–Q2.8, 2025.Q1.0–Q1.15, 2024.Q4.0–Q4.7, 2...

5.4CVSS5.7AI score0.00198EPSS
Exploits0References1Affected Software2
Github Security Blog
Github Security Blog
added 2025/08/19 3:31 p.m.9 views

Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

5.4CVSS5.9AI score0.00201EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/08/19 2:15 p.m.5 views

CVE-2025-43739

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated user to modify the content of emails sent...

5.3CVSS0.00257EPSS
Exploits0References1
OSV
OSV
added 2025/08/12 9:31 p.m.4 views

GHSA-M5C7-5GV3-HCPF Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...

5.1CVSS5.6AI score0.00199EPSS
Exploits0References5
OSV
OSV
added 2022/10/19 12:0 p.m.6 views

GHSA-R32W-V775-5952 Liferay Portal and Liferay DXP Vulnerable to XSS via the Document Library Module

A Cross-site scripting XSS vulnerability in Document Library module before 6.0.98 from Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

6.1CVSS6AI score0.00496EPSS
Exploits0References8
Rows per page
Query Builder