| CVE-2025-62276 |
unknown |
— |
— |
7mo ago |
Liferay Portal and DXP use an incorrect cache-control header |
|
| CVE-2025-62261 |
unknown |
— |
— |
7mo ago |
Liferay Portal Stores Password Reset Tokens in Plain Text |
|
| CVE-2025-62254 |
unknown |
— |
— |
7mo ago |
Liferay Portal ComboServlet denial of service via large file combination |
|
| CVE-2025-62249 |
unknown |
— |
— |
7mo ago |
Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget |
|
| CVE-2025-62252 |
unknown |
— |
— |
8mo ago |
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key |
|
| CVE-2025-43813 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet |
|
| CVE-2025-43809 |
unknown |
— |
— |
8mo ago |
Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability |
|
| CVE-2025-43801 |
unknown |
— |
— |
8mo ago |
Liferay Portal has unchecked input for loop condition vulnerability in XML-RPC |
|
| CVE-2025-43793 |
unknown |
— |
— |
8mo ago |
Liferay Portal has Improper Validation of Specified Quantity in Input |
|
| CVE-2025-43794 |
unknown |
— |
— |
9mo ago |
Liferay Portal has stored cross-site scripting (XSS) vulnerability |
|
| CVE-2025-43768 |
unknown |
— |
— |
9mo ago |
Liferay Portal JSONWS API endpoint shares sensitive information |
|
| CVE-2025-43735 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability |
|
| CVE-2021-29050 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page |
|
| CVE-2022-41414 |
unknown |
— |
— |
4y ago |
Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled |
|
| CVE-2021-33322 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use |
|
| CVE-2021-33321 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP insecure default configuration |
|
| CVE-2020-15840 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Bypass via Double Encoded URL |
|
| CVE-2022-26595 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to check permissions to view sites/groups |
|