Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / liferay

liferay

340 tracked vulnerabilities.

CVE-2025-62275 MEDIUM

Liferay DXP 7.4.0-7.4.3.111 & 2023.Q4.0-2023.Q4.10 - Unauthenticated Image Access

CVE-2025-62276 MEDIUM

Liferay Portal <7.4.3.111 - Info Disclosure

CVE-2025-62267 MEDIUM

Liferay Digital Experience Platform < 7.4.3.112 - XSS

CVE-2025-62264 MEDIUM

Liferay Digital Experience Platform < 7.4.3.112 - XSS

CVE-2025-62265 MEDIUM

Liferay Digital Experience Platform < 7.4 - Stored Cross-Site Scripting in Blogs Widget via iframe Injection

CVE-2025-62266 MEDIUM

Liferay Digital Experience Platform < 7.4.3.110 - Open Redirect

CVE-2025-62257 MEDIUM

Liferay Portal 7.4.0-7.4.3.119 and DXP 2024.Q1.1-2024.Q1.5 - Password Enumeration via Brute Force Attack

CVE-2025-62259 MEDIUM

Liferay Portal 7.4.0-7.4.3.109 & DXP 2023.Q3.1-2023.Q3.4 - Unauthenticated API Access

CVE-2025-62258 MEDIUM

Liferay DXP 7.4.0-7.4.3.107, 2023.Q3.1-2023.Q3.4, 7.4 GA-92, 7.3 GA-35 - CSRF via Headless API

CVE-2025-62261 MEDIUM

Liferay Portal 7.4.0-7.4.3.99 & DXP 2023.Q3.1-2023.Q3.4, 7.4 GA-92, 7.3 GA-34 - Cleartext Password Reset Tokens

CVE-2025-62260 HIGH

Liferay Portal 7.4.0-7.4.3.99 & DXP 2023.Q3.1-2023.Q3.4, 7.4 GA-92, 7.3 GA-35 - DoS via Headless API

CVE-2025-62262 MEDIUM

Liferay DXP 7.4.0-7.4.3.97 & 2023.Q3.1-2023.Q3.4 - Information Exposure via LDAP Logs

CVE-2025-62263 MEDIUM

Liferay Digital Experience Platform < 7.4.3.104 - XSS

CVE-2025-62253 MEDIUM

Liferay Digital Experience Platform < 7.3 and 7.4.0-7.4.3.97 - Open Redirect via GroupPagesPortlet Redirect Parameter

CVE-2025-62254 HIGH

Liferay Digital Experience Platform - Denial of Service via ComboServlet Query String

CVE-2025-62255 MEDIUM

Liferay DXP <7.3 & 7.4.0-7.4.3.101 - Stored XSS via Knowledge Base Attachment

CVE-2025-62256 MEDIUM

Liferay Portal 7.4.0-7.4.3.109 & DXP Unauthenticated OpenAPI YAML Access

CVE-2025-62247 MEDIUM

Liferay Portal 7.4.0-7.4.3.132 and Liferay DXP 2024.Q1.1-2024.Q1.19 - Missing Authorization in Collection Provider

CVE-2025-62248 MEDIUM

Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.19 - Authenticated XSS via DDMPortlet Definition Parameter

CVE-2025-62249 MEDIUM

Liferay Portal 7.4.0-7.4.3.132 and Liferay DXP 2023.Q4.0-2023.Q4.10 - Unauthenticated Reflected Cross-Site Scripting

CVE-2025-62250 MEDIUM

Liferay Digital Experience Platform < 7.3 - Improper Authentication via Unauthenticated Cluster Messages

CVE-2025-62251 MEDIUM

Liferay Portal 7.3.0-7.4.3.119 & DXP < 2023.Q3.9/2023.Q4.6/7.4 GA-92/7.3 GA-36 - Unauthorized Information Disclosure

CVE-2025-62252 MEDIUM

Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q4.0-2023.Q4.5 IDOR via UsersAdminPortlet

CVE-2025-62246 MEDIUM

Liferay Portal 7.4.0-7.4.3.111 and DXP < 2023.Q4.6 - Authenticated Stored Cross-Site Scripting via User Name Field

CVE-2025-62242 MEDIUM

Liferay Portal 7.4.3.4-7.4.3.111 & DXP 2023.Q4.0-2023.Q4.5, 2023.Q3.1-2023.Q3.8, 7.4 GA-92 - IDOR via Account Address

Page 1 of 14 Next

Products

liferay_portal 319 digital_experience_platform 264 dxp 39 liferay_enterprise_portal 9 DXP 2 Portal 2 portal 2 liferay 1 liferay_portal_enterprise 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy