CVE-2025-43786
- EPSS 0.03%
- Veröffentlicht 09.09.2025 19:08:52
- Zuletzt bearbeitet 16.12.2025 15:11:25
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determi...
CVE-2025-43781
- EPSS 0.03%
- Veröffentlicht 09.09.2025 18:48:35
- Zuletzt bearbeitet 16.12.2025 15:29:46
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary w...
CVE-2025-43775
- EPSS 0.02%
- Veröffentlicht 09.09.2025 18:12:50
- Zuletzt bearbeitet 16.12.2025 15:04:29
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers t...
CVE-2025-43776
- EPSS 0.03%
- Veröffentlicht 09.09.2025 14:18:53
- Zuletzt bearbeitet 16.12.2025 16:12:02
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q...
CVE-2025-43777
- EPSS 0.03%
- Veröffentlicht 09.09.2025 03:15:32
- Zuletzt bearbeitet 12.12.2025 20:29:25
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 exposes "Inte...
CVE-2025-43778
- EPSS 0.03%
- Veröffentlicht 09.09.2025 01:21:44
- Zuletzt bearbeitet 12.12.2025 20:28:13
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024....
CVE-2025-43763
- EPSS 0.03%
- Veröffentlicht 08.09.2025 23:24:19
- Zuletzt bearbeitet 12.12.2025 20:27:55
A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that aff...
CVE-2025-3586
- EPSS 0.2%
- Veröffentlicht 01.09.2025 18:15:29
- Zuletzt bearbeitet 12.12.2025 20:08:45
In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS, and Liferay Self-Hosted), the Objects module does no...
CVE-2025-43773
- EPSS 0.04%
- Veröffentlicht 29.08.2025 18:59:52
- Zuletzt bearbeitet 16.12.2025 14:56:42
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a...
CVE-2025-43764
- EPSS 0.1%
- Veröffentlicht 23.08.2025 04:49:59
- Zuletzt bearbeitet 12.12.2025 20:09:34
Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 ...