204 matches found
CVE-2025-52602
CVE-2025-52602 affects HCL BigFix Query WebUI Query, where an HTTP GET endpoint may disclose discoverable data such as group names and active user names/IDs via the /api/v1/query endpoint. This exposure could enable targeted phishing or social engineering. The available connected documents confir...
VulnCheck KEV: CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
Authorization Bypass Through User-Controlled Key
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...
CVE-2025-62252
The CVE-2025-62252 issue is an IDOR vulnerability in Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5, and 7.4 GA–update 92. Affected code path is the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter, which can let remote authenticated user...
CVE-2025-62252
Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...
PT-2025-41811
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR iss...
EUVD-2019-6580
Malware in sbrugna...
EUVD-2009-1749
Malware in sbrugna...
EUVD-2005-1136
Malware in sbrugna...
EUVD-2000-0085
Malware in sbrugna...
EUVD-2019-1079
Malware in sbrugna...
EUVD-1999-1289
Malware in sbrugna...
EUVD-1999-1023
Malware in sbrugna...
EUVD-2023-12363
Malicious code in bioql PyPI...
EUVD-2022-27652
Malicious code in bioql PyPI...
EUVD-2025-11148
Malicious code in bioql PyPI...
EUVD-2023-46920
Malicious code in bioql PyPI...
EUVD-2025-30233
Malicious code in bioql PyPI...
EUVD-2025-3740
Malicious code in bioql PyPI...
CVE-2025-55795
The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...