20 matches found
Improper Domain Name Validation
com.liferay.portal and com.liferay.portal.impl are vulnerable to improper domain name validation. The vulnerability is due to incorrect identification of the subdomain in domain names, which can lead to the creation of a supercookie, allowing an attacker controlling a website with the same top-lev...
EUVD-2025-29207
Malicious code in bioql PyPI...
CVE-2025-43793
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
GHSA-XVGG-9H29-4G34 Liferay Portal has Improper Validation of Specified Quantity in Input
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
Liferay Portal has Improper Validation of Specified Quantity in Input
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, whic...
CVE-2025-43793
CVE-2025-43793 affects Liferay Portal (7.4.0–7.4.3.105) and Liferay DXP (2023.Q4.0, 2023.Q3.1–2023.Q3.4, 7.4 GA–update 92, 7.3 GA–update 35). The issue is improper subdomain/domain subcomponent identification that can create a supercookie, enabling remote attackers controlling a website sharing t...
PT-2025-37709
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3 GA through update 35; Liferay Portal versions 7.4 GA through update 92; Liferay Portal versions 7.4.0 through 7.4.3.105; Liferay DXP versions 2023.Q3.1 through 2023.Q3.4; Liferay DXP version 2023.Q4.0. Description: Lifera...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Advisory ROSA-SA-2025-2673
software: curl 8.5.0; WASP: ROSA-CHROME; packageevrstring: curl-8.5.0-1; CVE-ID: CVE-2023-46218; BDU-ID: 2024-02420; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the cURL command-line utility is related to the installation of "supercookie files" in Curl, which are then passed back to more sources...
ROS-20240328-31
The vulnerability in Curl is related to the installation of "supercookie files" in Curl, which are then passed back to more sources. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality of protected information...
ROS-20240328-11
The vulnerability in Curl is related to the installation of "supercookie files" in Curl, which are then passed back to more sources. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality of protected information...
curl: CVE-2023-46218: cookie mixed case PSL bypass
A vulnerability in libcurl was discovered that allows bypassing cookie domain restrictions through improper hostname normalization. This enables a malicious site to set supercookies readable by other sites under the same top level domain. The issue was caused by libcurl failing to convert the...
TrustPid is another worrying, imperfect attempt to replace tracking cookies
German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that consists of a unique identifier, issued to each customer, that will be able to track what that customer is doing online. The providers are trying to sell this idea by telling the public that t...
Apple Blocks Sites From Abusing HSTS Security Standard to Track Users
If you are unaware, the security standard HTTP Strict Transport Security (HSTS) can be abused as a 'supercookie' to surreptitiously track users of almost every modern web browser online without their knowledge, even when they use "private browsing." Apple has now added mitigations to its open-source...
Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims
Over the past year, FireEye Threat Intelligence has identified suspected nation-state sponsored cyber-actors engaged in a large-scale reconnaissance effort. This effort makes use of web analytics—the technologies to collect, analyze, and report data The individuals behind this activity have amass...
Dennis Fisher and Mike Mimoso Discuss the CNNIC Issue, Malvertising and Verizon's Supercookie News
Dennis Fisher and Mike Mimoso talk about Google’s decision to drop Chinese CA CNNIC from Chrome’s trust store, the scope of the malvertising threat and Verizon’s super cookie use. Download: digitalunderground193.mp3 Music by Chris Gonsalves...
Verizon Allows Opt Out of UIDH Mobile Supercookie
Verizon Wireless has made a change that now allows customers to opt out of the ad-targeting program that relies on the so-called supercookie identifier that was inserted into Web requests users send. The use of the identifier, known as a UIDH, drew the ire of privacy advocates and users when it w...