Vulnerabilities (CVE)

Total 305467 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-43765 2025-08-23 N/A N/A
A stored cross-site scripting vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript into the text field from a web content.
CVE-2025-43764 2025-08-23 N/A N/A
Self-ReDoS (Regular expression Denial of Service) exists in the Role Name search field of the Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92, which allows authenticated users with permissions to update Kaleo Workflows to enter a malicious regex pattern that causes their browser to hang for a very long time.
CVE-2025-43767 2025-08-23 N/A N/A
Open redirect vulnerability in the redirect parameter of /c/portal/edit_info_item in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to redirect users to a malicious site.
CVE-2025-58043 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58042 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58041 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58040 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58039 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58038 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58037 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58036 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-58035 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-43769 2025-08-23 N/A N/A
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via the components tab.
CVE-2025-43768 2025-08-23 N/A N/A
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs.
CVE-2025-24469 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-24468 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-22864 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-22863 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-22861 2025-08-23 N/A N/A
Rejected reason: Not used
CVE-2025-22860 2025-08-23 N/A N/A
Rejected reason: Not used