Lucene search
K

74 matches found

Akamai Blog
Akamai Blog
added 2026/01/27 2:0 p.m.6 views

Enhancements to Akamai API Security, Q4 2025

The Q4 2025 Akamai API Security updates help organizations shift security left, improve coverage, and reduce friction...

5.9AI score
Exploits0
Circl
Circl
added 2025/12/15 7:35 p.m.7 views

CVE-2025-67899

creationtimestamp| type| source ---|---|--- 2025-12-15 19:35:51+00:00| seen| https://seclists.org/oss-sec/2025/q4/277 2025-12-20 02:01:34+00:00| seen| https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l 2025-12-21 10:46:14+00:00| seen|...

2.9CVSS5.5AI score0.00122EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/23 1:41 p.m.10 views

CVE-2025-62256

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...

6.9CVSS0.00384EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.4 views

Liferay Portal和Liferay DXP 路径遍历漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc.Liferay DXP ...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 9:33 p.m.4 views

GHSA-RX48-GQC2-4W47 Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

6.9CVSS5.9AI score0.00224EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.8 views

Liferay Portal和Liferay DXP 访问控制错误漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...

6.9CVSS6.9AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2025/10/13 9:31 p.m.5 views

GHSA-FHCW-PX4Q-PMVV Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS6.4AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.6 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

4.8CVSS6.4AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-17061

Malware in sbrugna...

5.4CVSS7.3AI score0.02529EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32864

Malicious code in bioql PyPI...

7.8CVSS6.5AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12164

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00215EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23370

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2025/09/09 3:0 a.m.25 views

CVE-2025-43777

CVE-2025-43777 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP versions 2025.Q1.0–2025.Q2.9 (and earlier 2024.Q1.1–2024.Q4.7, 2024.Q2.0–2024.Q2.13, 2024.Q3.0–2024.Q3.13). The issue: an Internal Server Error is exposed in the login response when a request uses a deleted Client Secret. Root ...

5.3CVSS6.4AI score0.00216EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2025/08/29 7:15 p.m.7 views

CVE-2025-43773

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improp...

9.1CVSS5.8AI score0.00267EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/23 6:30 a.m.6 views

Liferay Portal ReDoS with Role Name search in KaleoDesignerPortlet

Self-ReDoS Regular expression Denial of Service exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...

6.9CVSS6AI score0.00289EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.5 views

CloudClassroom-PHP-Project 安全漏洞

CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project version 1.0, which stems from insufficient cleanup of the Q4 POST parameter in the file takeassessment2.php, which could lead to SQL...

6.5CVSS7.3AI score0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/01 12:0 a.m.4 views

CVE-2025-50868

A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized before being used in SQL queries...

7.7AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/01 12:0 a.m.13 views

CVE-2025-50868

A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized before being used in SQL queries...

0.00242EPSS
Exploits0References1
CVE
CVE
added 2025/08/01 12:0 a.m.25 views

CVE-2025-50868

CVE-2025-50868 affects CloudClassroom-PHP-Project 1.0, specifically the takeassessment2.php file where the Q4 POST parameter is not properly sanitized before being used in SQL queries, enabling SQL injection. The CVSS v3.1 base score is 6.5 (Medium) with low confidentiality/integrity impact and n...

6.5CVSS8.4AI score0.00242EPSS
Exploits0References1
Rows per page
Query Builder