Liferay Portal vulnerable to cross-site scripting in the web content template
Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...
Cross-site Scripting (XSS)
Overview: com.liferay:com.liferay.journal.web is a Liferay Journal Web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Name field in web content structures. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting specially crafted...
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero. Introduction: Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. Coming from...
colander
This is a Python library for deserialization and validation of data structures composed of strings, mappings, and lists. It is a package that can be used to serialize an arbitrary data structure to a data structure composed of strings, mappings, and lists, and to deserialize and validate a data...
[SECURITY] Fedora 42 Update: perl-Cpanel-JSON-XS-4.40-1.fc42
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...
[SECURITY] Fedora 41 Update: perl-JSON-XS-4.04-1.fc41
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a "Rich Text" field when processing user-supplied input in web content structures, document types, or custom assets. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker...
Liferay Portal vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...
CVE-2025-43791
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from uninitialized request reference counting, which could lead to the use of uninitialized request data structur...
PT-2025-37736
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.4; Liferay DXP version 2023.Q4.0; Liferay Portal versions 7.4 GA through update 92; Liferay Portal versions 7.3 GA through update 36. Description: The...
iio: common: st_sensors: Fix use of uninitialize device structs
...
PT-2025-34601 · Unknown · Minova Tta
Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...
Linux Distros Unpatched Vulnerability : CVE-2019-10184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without...
CLSA-2025-1755681299 freetype: Fix of CVE-2025-27363
CVE-2025-27363: fix OOB write when parsing font subglyph structures...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
PT-2025-33778 · Ext4 +1 · Ext4 +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the ext4 filesystem implementation. Specifically, a use-after-free issue can occur in the ext4 end io rsv work function. This is due to...
AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation
Incident response (IR) requires fast, coordinated, and well-informed decision-making to contain and mitigate cyber threats. While large language models (LLMs) have shown promise as autonomous agents in simulated IR settings, their reasoning is often limited by a lack of access to external knowledge. ...
CVE-2025-38504
Summary: CVE-2025-38504 relates to the Linux kernel, specifically the io_uring/zcrx component. The connected documents describe a code-level fix in the destruction path for page pools, where a misplaced warning could trigger during destruction and affect niovs handling. The root cause is that nio...
[SECURITY] Fedora 42 Update: glib2-2.84.4-1.fc42
GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...