Package impact

Maven / com.liferay.portal:com.liferay.portal.impl

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2025-62276	unknown	—	—	7mo ago	Liferay Portal and DXP use an incorrect cache-control header
CVE-2025-62261	unknown	—	—	7mo ago	Liferay Portal Stores Password Reset Tokens in Plain Text
CVE-2025-62254	unknown	—	—	7mo ago	Liferay Portal ComboServlet denial of service via large file combination
CVE-2025-62249	unknown	—	—	7mo ago	Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget
CVE-2025-62252	unknown	—	—	8mo ago	Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2025-43813	unknown	—	—	8mo ago	Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet
CVE-2025-43809	unknown	—	—	8mo ago	Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability
CVE-2025-43801	unknown	—	—	8mo ago	Liferay Portal has unchecked input for loop condition vulnerability in XML-RPC
CVE-2025-43793	unknown	—	—	9mo ago	Liferay Portal has Improper Validation of Specified Quantity in Input
CVE-2025-43794	unknown	—	—	9mo ago	Liferay Portal has stored cross-site scripting (XSS) vulnerability
CVE-2025-43768	unknown	—	—	9mo ago	Liferay Portal JSONWS API endpoint shares sensitive information
CVE-2021-29050	unknown	—	—	2y ago	Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page
CVE-2022-41414	unknown	—	—	4y ago	Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled
CVE-2021-33322	unknown	—	—	4y ago	Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use
CVE-2021-33321	unknown	—	—	4y ago	Liferay Portal and Liferay DXP insecure default configuration
CVE-2020-15840	unknown	—	—	4y ago	Liferay Portal and Liferay DXP Bypass via Double Encoded URL
CVE-2022-26595	unknown	—	—	4y ago	Liferay Portal and Liferay DXP fails to check permissions to view sites/groups