Salta al contingut principal
  • Blogs
  • Feedback
  • Help
  • Meet
  • Chat
  • Discuss
  • Download
  • Learn
  • Log In

Known Vulnerabilities

  • Security Overview
  • Reporting Security Issues
  • Known Vulnerabilities
  • Hall of Fame

Releases

  • Liferay Portal 7.4 U132
  • Liferay Portal 7.4
  • Liferay Portal 7.3
  • Liferay Portal 7.2
  • Liferay Portal 7.1
  • Liferay Portal 7.0
  • Liferay Portal 6.2 CE
  • Liferay Faces
  • Liferay DXP 7.4
  • Liferay DXP 7.3
  • Liferay DXP 7.2
  • LIferay DXP 7.1
  • LIferay DXP 7.0
  • Liferay DXP 2026.Q4
  • Liferay DXP 2026.Q3
  • Liferay DXP 2026.Q2
  • Liferay DXP 2026.Q1
  • Liferay DXP 2025.Q4
  • Liferay DXP 2025.Q3
  • Liferay DXP 2025.Q2
  • Liferay DXP 2025.Q1
  • Liferay DXP 2024.Q4
  • Liferay DXP 2024 Q3
  • Liferay DXP 2024 Q2
  • Liferay DXP 2024 Q1
  • Liferay DXP 2023.Q4
  • Liferay DXP 2023.Q3
RSS

  • CVE-2025-62275 Blogs images are visible to unauthenticated users

  • CVE-2025-62276 Private Cache-Control header for DM and AM file download

  • CVE-2025-62266 Insecure default for the property `redirect.url.security.mode`

  • CVE-2025-62257 Lockout mechanism doesn't prevent password enumeration brute force attacks

  • CVE-2025-62258 CSRF vulnerability with headless API

  • CVE-2025-62261 Cleartext storage of password reset tickets

  • CVE-2025-62262 Email address in LDAP import logs

  • CVE-2025-62255 Self-XSS with attachment file names in Knowledge Base

  • CVE-2025-62254 Very large ComboServlet responses

  • CVE-2025-43816 Memory leak when consuming the headless API for StructuredContents

  • CVE-2025-43814 Password reminder answers recorded in audit events

  • CVE-2025-43809 CSRF vulnerability with server (license) registration

  • CVE-2025-62250 Portal fails to verify messages from the cluster network is trusted

  • CVE-2024-11993 Reflected XSS in Dispatch Name field

  • CVE-2025-43799 Change password requirement bypass

  • CVE-2025-43824 HTTP response injection/splitting vulnerability with vCard

  • CVE-2025-43803 IDOR vulnerable in Contacts Center

  • CVE-2025-43827 IDOR audit events

  • CVE-2025-43826 Stored XSS with web content translation

  • CVE-2025-62246 Stored XSS with mentions in comments

  • CVE-2025-62265 <iframe> vulnerabilities in Blogs

  • CVE-2025-43795 Open redirect in System Settings, Instance Settings and Site Settings

  • CVE-2023-37940 XSS with "Service Class" in Service Access Policy

  • CVE-2025-62253 Open redirect in page administration

  • CVE-2025-3526 DoS vulnerability with SessionClicks

  • CVE-2025-3594 DoS vulnerability with SessionClicks

  • CVE-2025-43748 Insufficient CSRF protection for omni-administrator actions

  • CVE-2024-8980 Mitigate against simple XSS attacks against script console

  • CVE-2025-62259 Email address verification bypass

  • CVE-2023-42628 XSS with child wiki pages

  • CVE-2023-33937 Stored XSS with form name in form configuration

  • CVE-2023-33939 Stored XSS in Modified Facet

  • CVE-2023-33949 Users do not have to verify their email address by default

Community
Company
Feedback
Blogs
Discuss
Meet
Open Source
Download
Events
Learn
Careers
Contact Us
Feedback
Help
Copyright © 2026 Liferay, Inc

Powered by Liferay™

Legal

Compliance

Privacy Policy

Aquest lloc web utilitza galetes

Utilitzem galetes per oferir contingut personalitzat, analitzar tendències, administrar el lloc web, fer un seguiment dels moviments dels usuaris al lloc web i recollir informació demogràfica sobre la nostra base d'usuaris en conjunt. Accepteu totes les galetes per gaudir de la millor experiència possible al nostre lloc web o gestioneu les vostres preferències. Consulteu la nostra política de privadesa