Total
305467 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-43765 | | | 2025-08-23 | N/A | N/A |
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript into the text field from a web content. | | | | | |
CVE-2025-43764 | | | 2025-08-23 | N/A | N/A |
Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92, which allows authenticated users with permissions to update Kaleo Workflows to enter a malicious Regex pattern causing their browser to hang for a very long time. | | | | | |
CVE-2025-43767 | | | 2025-08-23 | N/A | N/A |
Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site. | | | | | |
CVE-2025-58043 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58042 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58041 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58040 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58039 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58038 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58037 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58036 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-58035 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-43769 | | | 2025-08-23 | N/A | N/A |
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via components tab. | | | | | |
CVE-2025-43768 | | | 2025-08-23 | N/A | N/A |
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs. | | | | | |
CVE-2025-24469 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-24468 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-22864 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-22863 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-22861 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-22860 | | | 2025-08-23 | N/A | N/A |
Rejected reason: Not used | | | | | |