Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • M
Authorization Bypass Through User-Controlled KeyCVE-2025-62242
Affects com.liferay:com.liferay.account.service | Versions [,2.0.119)
Has fix
MavenPublished 14 Oct 2025
  • M
Authorization Bypass Through User-Controlled KeyCVE-2025-62242
Affects com.liferay:com.liferay.account.admin.web | Versions [,2.0.115)
Has fix
MavenPublished 14 Oct 2025
  • M
Authorization Bypass Through User-Controlled KeyCVE-2025-62241
Affects com.liferay.commerce:com.liferay.commerce.service | Versions [,11.0.162)
Has fix
MavenPublished 14 Oct 2025
  • M
Authorization Bypass Through User-Controlled KeyCVE-2025-62241
Affects com.liferay.commerce:com.liferay.commerce.shipment.web | Versions [,4.0.64)
Has fix
MavenPublished 14 Oct 2025
  • M
Authorization Bypass Through User-Controlled KeyCVE-2025-62252
Affects com.liferay.portal:com.liferay.portal.impl | Versions [,99.0.1)
Has fix
MavenPublished 14 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-62246
Affects com.liferay:com.liferay.mentions.web | Versions [,6.0.35)
Has fix
MavenPublished 14 Oct 2025
  • M
Incorrect Execution-Assigned PermissionsCVE-2025-30001
Affects org.apache.streampark:streampark | Versions [2.1.4,]
Has fix
MavenPublished 13 Oct 2025
  • M
Cross-site Request Forgery (CSRF)CVE-2025-62245
Affects com.liferay:com.liferay.change.tracking.web | Versions [2.0.9,2.0.121)
Has fix
MavenPublished 13 Oct 2025
  • M
SQL InjectionCVE-2025-62228
Affects org.apache.flink:flink-cdc-pipeline-connector-oceanbase | Versions [3.0.0,3.5.0)
Has fix
MavenPublished 13 Oct 2025
  • M
SQL InjectionCVE-2025-62228
Affects org.apache.flink:flink-connector-sqlserver-cdc | Versions [3.0.0,3.5.0)
Has fix
MavenPublished 13 Oct 2025
  • M
SQL InjectionCVE-2025-62228
Affects org.apache.flink:flink-connector-oracle-cdc | Versions [3.0.0,3.5.0)
Has fix
MavenPublished 13 Oct 2025
  • M
SQL InjectionCVE-2025-62228
Affects org.apache.flink:flink-connector-mysql-cdc | Versions [3.0.0,3.5.0)
Has fix
MavenPublished 13 Oct 2025
  • M
SQL InjectionCVE-2025-62228
Affects org.apache.flink:flink-connector-db2-cdc | Versions [3.0.0,3.5.0)
Has fix
MavenPublished 13 Oct 2025
  • M
SQL InjectionCVE-2025-62228
Affects org.apache.flink:flink-cdc-pipeline-connector-mysql | Versions [3.0.0,3.5.0)
Has fix
MavenPublished 13 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-62239
Affects com.liferay:com.liferay.portal.workflow.kaleo.designer.web | Versions [5.0.56, 5.0.124)
Has fix
MavenPublished 13 Oct 2025
  • M
Missing AuthorizationCVE-2025-11580
Affects tech.powerjob:powerjob-server-starter | Versions [0,]
Has fix
MavenPublished 12 Oct 2025
  • M
Missing AuthorizationCVE-2025-11581
Affects tech.powerjob:powerjob-server-starter | Versions [0,]
Has fix
MavenPublished 12 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-43822
Affects com.liferay.commerce:com.liferay.commerce.term.service | Versions [,1.0.45)
Has fix
MavenPublished 12 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-62240
Affects com.liferay:com.liferay.calendar.web | Versions [5.0.45, 5.0.88)
Has fix
MavenPublished 12 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-62237
Affects com.liferay.commerce:com.liferay.commerce.order.web | Versions [5.0.29,5.0.101)
Has fix
MavenPublished 12 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-62238
Affects com.liferay:com.liferay.account.admin.web | Versions [2.0.30,2.0.114)
Has fix
MavenPublished 12 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-43821
Affects com.liferay.commerce:com.liferay.commerce.product.service | Versions [6.0.5,6.0.134)
Has fix
MavenPublished 10 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-43823
Affects com.liferay.commerce:com.liferay.commerce.product.service | Versions [6.0.5,6.0.134)
Has fix
MavenPublished 10 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-43830
Affects com.liferay:com.liferay.dynamic.data.mapping.form.field.type | Versions [,6.0.162)
Has fix
MavenPublished 10 Oct 2025
  • H
Allocation of Resources Without Limits or ThrottlingCVE-2025-11419
Affects org.keycloak:keycloak-quarkus-dist | Versions [,26.0.16)[26.1.0,26.2.10)[26.4.0,26.4.1)
Has fix
MavenPublished 10 Oct 2025
  • L
Insufficient Session ExpirationCVE-2025-11429
Affects org.keycloak:keycloak-services | Versions [,26.4.2)
Has fix
MavenPublished 10 Oct 2025
  • M
Insertion of Sensitive Information into Log FileCVE-2025-37727
Affects org.elasticsearch:elasticsearch | Versions [,8.18.8)[8.19.0,8.19.5)[9.0.0-beta1,9.0.8)[9.1.0,9.1.5)
Has fix
MavenPublished 10 Oct 2025
  • M
Insertion of Sensitive Information into Log FileCVE-2025-37727
Affects org.elasticsearch.plugin:reindex-client | Versions [7.0.0-alpha1,]
Has fix
MavenPublished 10 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-43771
Affects com.liferay:com.liferay.asset.publisher.web | Versions [5.0.105,5.0.125)
Has fix
MavenPublished 10 Oct 2025
  • M
Cross-site Scripting (XSS)CVE-2025-43771
Affects com.liferay:com.liferay.flags.web | Versions [6.0.22,6.0.23)
Has fix
MavenPublished 10 Oct 2025