Lucene search
+L

208 matches found

Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.19 views

PT-2025-52548

Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions prior to 2.11.1 Description The Ultimate Member plugin for WordPress is affected by a sensitive information exposure issue. Insufficient authorization checks on an unauthenticated AJAX endpoint,...

5.3CVSS6.3AI score0.0049EPSS
Exploits0References12
Cvelist
Cvelist
added 2025/12/12 11:15 a.m.35 views

CVE-2025-14159 Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...

4.3CVSS0.00139EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/04 5:45 a.m.7 views

Insecure Direct Object Reference (IDOR)

com.liferay.portal, com.liferay.portal.impl is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter, which allows an attacker to assign an organization to a user acros...

5.3CVSS6.9AI score0.00248EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/11/13 9:31 a.m.5 views

EUVD-2025-158263

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

5.3CVSS5.4AI score0.00287EPSS
Exploits0References4
CVE
CVE
added 2025/11/05 2:46 p.m.16 views

CVE-2025-52602

CVE-2025-52602 affects HCL BigFix Query WebUI Query, where an HTTP GET endpoint may disclose discoverable data such as group names and active user names/IDs via the /api/v1/query endpoint. This exposure could enable targeted phishing or social engineering. The available connected documents confir...

4.2CVSS5.9AI score0.00151EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/10/30 12:0 a.m.13 views

VulnCheck KEV: CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

9.3CVSS5.8AI score0.00602EPSS
In wildExploits0References119
Snyk
Snyk
added 2025/10/13 9:31 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...

5.3CVSS6.9AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/13 8:42 p.m.12 views

CVE-2025-62252

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

5.3CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 8:42 p.m.20 views

CVE-2025-62252

The CVE-2025-62252 issue is an IDOR vulnerability in Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5, and 7.4 GA–update 92. Affected code path is the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter, which can let remote authenticated user...

5.3CVSS6.4AI score0.00248EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.11 views

PT-2025-41811

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR iss...

5.3CVSS6.4AI score0.00248EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-1079

Malware in sbrugna...

4.3CVSS4.8AI score0.00897EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-1749

Malware in sbrugna...

4.3CVSS6.4AI score0.0068EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-1999-1289

Malware in sbrugna...

4.6CVSS6.4AI score0.00484EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-1136

Malware in sbrugna...

5CVSS6.4AI score0.01678EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2000-0085

Malware in sbrugna...

5CVSS6.4AI score0.0137EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-1999-1023

Malware in sbrugna...

1.2CVSS6.4AI score0.00336EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-6580

Malware in sbrugna...

5.3CVSS5.2AI score0.01924EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2023-12363

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00921EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-3740

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-27652

Malicious code in bioql PyPI...

4.6CVSS5.1AI score0.0029EPSS
Exploits0References2
Rows per page
Query Builder