15 matches found
CVE-2019-16564
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affect view content such as job display name or pipeline stage names...
Misskey Security Vulnerability
Misskey is a permanently free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 13.0.0-beta.16 through versions prior to 2025.12.0, which stems from a participant who does not have permission to view favorites or clips being...
EUVD-2022-4342
Malicious code in bioql PyPI...
CVE-2025-43797
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
GHSA-25M3-W28P-V3V3 Liferay has Insecure Default Initialization of Resource issue
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member...
CVE-2025-43797
CVE-2025-43797 (Liferay) affects Liferay Portal 7.1.0–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, plus older unsupported builds. The root cause is a default Open membership setting on newly created sites, which allows any registered user to become a member and potentially view, add,...
PT-2025-37766
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q3.4; Liferay DXP version 2023.Q4.0; Liferay Portal 7.3 GA through update 35; Liferay Portal 7.4 GA through update 92. Description: The default membership...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
The Layout Builder Advanced Permissions module enables you to have fine-grained control over who can do what in editing pages built with Layout Builder. The module doesn't sufficiently control access for adding sections in the submodule. This vulnerability is mitigated by the fact that an attacke...
Malicious code in mitui-view-content (npm)
Source: ghsa-malware (c736710621edb18860a9df20314a9bbb902e6c0da5009a97f12d30e9913bc46f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4634 Malicious code in mitui-view-content (npm)
Source: ghsa-malware (c736710621edb18860a9df20314a9bbb902e6c0da5009a97f12d30e9913bc46f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-41974
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission...
BaserCMS Restricted Access Vulnerability
baserCMS is an enterprise-level content management system (CMS). A restricted access vulnerability exists in baserCMS versions 4.1.0.1 and earlier and 3.0.15 and earlier, which stems from the program failing to restrict access. A remote attacker can use this vulnerability to bypass access...
View Content Permission Set not Complete.
The Content Permission Set returned from the method getViewContentPermissions is incomplete. It appears to only contain a single ContentPermission object regardless of how many View permissions have been attached to a Page. 1. Create a new page. 2. Assign a View restriction for 1 group. 3. Assign View...
Hidden pages' content can be viewed without permission using diffpages.action
If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL. E.g.: Two spaces, A and B. Page with id 1 is in Space A. Page with id 2 is in Space B. User cannot see Space A. User can see Space ...