Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to improper access control to OpenAPI. An attacker can retrieve sensitive OpenAPI YAML files by sending a specially crafted URL. Remediation: Upgrade com.liferay:com.liferay.portal.security.auth.verifier to...
EUVD-2018-5328
Malware in sbrugna...
EUVD-2017-10233
Malware in sbrugna...
EUVD-2018-11940
Malware in sbrugna...
EUVD-2018-12024
Malware in sbrugna...
EUVD-2009-4123
Malware in sbrugna...
EUVD-2004-2503
Malware in sbrugna...
EUVD-2021-15689
Malware in sbrugna...
EUVD-2020-5697
Malware in sbrugna...
EUVD-2022-48127
Malicious code in bioql PyPI...
EUVD-2025-10388
Malicious code in bioql PyPI...
EUVD-2024-47825
Malicious code in bioql PyPI...
EUVD-2023-44092
Malicious code in bioql PyPI...
EUVD-2025-23958
Malicious code in bioql PyPI...
EUVD-2023-48665
Malicious code in bioql PyPI...
EUVD-2024-49203
Malicious code in bioql PyPI...
EUVD-2024-0781
Malicious code in bioql PyPI...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the `_com_liferay_portal_security_audit_web_portlet_AuditPortlet_auditEventId` parameter. An attacker can access audit events belonging to a different virtual instance by specifying the identifi...
CVE-2021-29043
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middl...
CVE-2021-21489
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. T...