Package impact
Maven / com.liferay.portal:com.liferay.portal.kernel
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-7961 | unknown | — | 2.5 | 4y ago | Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. | |||
| CVE-2025-43792 | unknown | — | — | 9mo ago | Liferay Portal has External Control of System or Configuration Settings | |||
| CVE-2025-43793 | unknown | — | — | 9mo ago | Liferay Portal has Improper Validation of Specified Quantity in Input | |||
| CVE-2025-43770 | unknown | — | — | 10mo ago | Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter | |||
| CVE-2025-3526 | unknown | — | — | 1y ago | Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session | |||
| CVE-2024-25607 | unknown | — | — | 2y ago | Liferay Portal defaults to a low work factor for the default password hashing algorithm |