CVE-2025-22860 - Norton Antivirus Unvalidated Redirect to Arbitrary URL
CVE ID : CVE-2025-22860
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22860
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22861 - Apache Struts Command Injection
CVE ID : CVE-2025-22861
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22861
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22863 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-22863
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22863
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22864 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-22864
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22864
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24468 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-24468
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24468
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24469 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-24469
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24469
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43768 - Liferay Portal Unauthenticated Admin Data Disclosure
CVE ID : CVE-2025-43768
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43768
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43769 - Liferay Portal Liferay DXP Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-43769
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via components tab.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43769
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via components tab.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58035 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-58035
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58035
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58036 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-58036
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58036
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58037 - Apache Solr SQL Injection
CVE ID : CVE-2025-58037
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58037
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58038 - Apache Struts Command Injection
CVE ID : CVE-2025-58038
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58038
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58039 - Apache Struts Remote Code Execution
CVE ID : CVE-2025-58039
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58039
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58040 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-58040
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58040
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58041 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-58041
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58041
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58042 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-58042
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58042
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58043 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-58043
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58043
Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43767 - Liferay Portal Open Redirect
CVE ID : CVE-2025-43767
Published : Aug. 23, 2025, 4:15 a.m. | 4 hours, 3 minutes ago
Description : Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43767
Published : Aug. 23, 2025, 4:15 a.m. | 4 hours, 3 minutes ago
Description : Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43764 - Liferay Portal Liferay DXP Regular Expression Denial of Service
CVE ID : CVE-2025-43764
Published : Aug. 23, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92, which allows authenticated users with permissions to update Kaleo Workflows to enter a malicious Regex pattern causing their browser to hang for a very long time.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43764
Published : Aug. 23, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92, which allows authenticated users with permissions to update Kaleo Workflows to enter a malicious Regex pattern causing their browser to hang for a very long time.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43765 - Liferay Portal Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-43765
Published : Aug. 23, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the text field from a web content.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43765
Published : Aug. 23, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the text field from a web content.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43766 - Liferay Portal/DPX Remote Code Execution Vulnerability
CVE ID : CVE-2025-43766
Published : Aug. 23, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books component that are processed within the environment enabling arbitrary code execution by attackers.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43766
Published : Aug. 23, 2025, 5:15 a.m. | 3 hours, 3 minutes ago
Description : The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books component that are processed within the environment enabling arbitrary code execution by attackers.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...