Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-w252-645g-87mp
  • Maven/org.igniterealtime.openfire:xmppserver
 Openfire has potential identity spoofing issue via unsafe CN parsing 2 hours ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-43xf-59vr-g4f2
  • Maven/com.liferay.portal:release.portal.bom
 Liferay Portal Uses Default Password 6 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-4p5r-3jmm-652q
  • Maven/com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web
 Liferay DXP Missing Critical Step in Authentication 6 hours ago
  • Fix available
  • Severity - 2.1 (Low)
GHSA-jfv5-r382-xvwh
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.form.field.type
 Liferay Portal Cross-site Scripting (XSS) vulnerability 6 hours ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-5c6v-fqcw-w6q5
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.form.field.type
 Liferay Portal vulnerable to Cross-site Scripting 9 hours ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-5hmf-8wx5-4qq3
  • Maven/org.apache.fory:fory-core
 Apache Fory Deserialization of Untrusted Data vulnerability 9 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-vp64-77c6-33h8
  • Maven/com.liferay.portal:com.liferay.portal.kernel
 Liferay Portal has External Control of System or Configuration Settings 9 hours ago
  • Fix available
  • Severity - 2.3 (Low)
GHSA-xvgg-9h29-4g34
  • Maven/com.liferay.portal:com.liferay.portal.impl
  • Maven/com.liferay.portal:com.liferay.portal.kernel
 Liferay Portal has Improper Validation of Specified Quantity in Input 9 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-r45v-2289-jgr4
  • Maven/com.liferay.portal:com.liferay.portal.impl
 Liferay Portal has stored cross-site scripting (XSS) vulnerability 15 hours ago
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-f3hf-r62c-mfrj
  • Maven/com.liferay:com.liferay.portal.vulcan.api
  • Maven/com.liferay:com.liferay.portal.vulcan.impl
 Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack 3 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-m55r-9fx8-725j
  • Maven/com.liferay:com.liferay.configuration.admin.web
  • Maven/com.liferay:com.liferay.site.admin.web
 Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect 3 days ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-g8fh-pfw3-8rmr
  • Maven/com.liferay:com.liferay.users.admin.web
 Liferay Portal's selection modal is vulnerable to XSS 3 days ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-q86r-gwqc-jx85
  • Maven/com.liferay:com.liferay.comment.web
 Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution 4 days ago
  • Fix available
  • Severity - 1.0 (Low)
GHSA-v53g-736w-mgw4
  • Maven/com.liferay:com.liferay.organizations.item.selector.web
 Liferay Portal's Organization Selector exposes organization data to remote authenticated users 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-5wxc-3jfw-w94p
  • Maven/com.liferay:com.liferay.object.service
 Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass 4 days ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-wr8m-5h2p-4432
  • Maven/com.liferay:com.liferay.portal.workflow.kaleo.runtime.integration.impl
 Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
Load more...