8 matches found
IT threat evolution in Q2 2025. Non-mobile statistics
IT threat evolution in Q2 2025. Non-mobile statistics IT threat evolution in Q2 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...
GHSA-H4M4-XP33-37MJ Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-43747
A server-side request forgery SSRF vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation i...
CVE-2025-43737
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via comliferayjournalwebportletJournalPortletbackURL parameter...
PT-2024-5211 · Telerik · Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q2 10.1.24.709 Description: The issue is related to an insecure deserialization vulnerability in the Telerik Report Server, which can be exploited to allow a remote attacker to execute...
PT-2024-37876 · National Instruments · Ni Veristand
Name of the Vulnerable Software and Affected Versions: NI VeriStand versions 2024 Q2 and prior Description: The issue is related to missing authorization checks when accessing File Transfer resources, potentially leading to information disclosure or remote code execution. Recommendations: For NI...
PT-2024-29683 · Progress · Telerik Reporting
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Reporting versions prior to 2024 Q2 18.1.24.2.514 Description: A code execution attack is possible by a local threat actor through an insecure deserialization vulnerability, allowing for potential exploitation...
Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!
We are excited to announce the top contributing researchers for the 2020 Second Quarter Q2! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of...