Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4388) CVE-2025-4388 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4576) CVE-2025-4576 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4599) CVE-2025-4599 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4604) CVE-2025-4604 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43746) CVE-2025-43746 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43755) CVE-2025-43755 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43756) CVE-2025-43756 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43757) CVE-2025-43757 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43761) CVE-2025-43761 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43765) CVE-2025-43765 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43769) CVE-2025-43769 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43770) CVE-2025-43770 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43771) CVE-2025-43771 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43775) CVE-2025-43775 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43776) CVE-2025-43776 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43778) CVE-2025-43778 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43779) CVE-2025-43779 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43781) CVE-2025-43781 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43783) CVE-2025-43783 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43785) CVE-2025-43785 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43787) CVE-2025-43787 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43791) CVE-2025-43791 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43794) CVE-2025-43794 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43800) CVE-2025-43800 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43802) CVE-2025-43802 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43804) CVE-2025-43804 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43807) CVE-2025-43807 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43811) CVE-2025-43811 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43812) CVE-2025-43812 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43815) CVE-2025-43815 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43817) CVE-2025-43817 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43818) CVE-2025-43818 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43820) CVE-2025-43820 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43821) CVE-2025-43821 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43822) CVE-2025-43822 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43823) CVE-2025-43823 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43824) CVE-2025-43824 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43826) CVE-2025-43826 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43829) CVE-2025-43829 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43830) CVE-2025-43830 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62237) CVE-2025-62237 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62238) CVE-2025-62238 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62239) CVE-2025-62239 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62240) CVE-2025-62240 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62246) CVE-2025-62246 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62248) CVE-2025-62248 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62249) CVE-2025-62249 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62255) CVE-2025-62255 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62263) CVE-2025-62263 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62264) CVE-2025-62264 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62265) CVE-2025-62265 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62267) CVE-2025-62267 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-29053) CVE-2021-29053 CWE-138 CWE-138 High Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42120) CVE-2022-42120 CWE-138 CWE-138 Critical Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42121) CVE-2022-42121 CWE-138 CWE-138 High Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42122) CVE-2022-42122 CWE-138 CWE-138 Critical Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33945) CVE-2023-33945 CWE-138 CWE-138 High Liferay Portal Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2025-62257) CVE-2025-62257 CWE-307 CWE-307 Medium Liferay Portal Improper Restriction of XML External Entity Reference Vulnerability (CVE-2024-25606) CVE-2024-25606 CWE-611 CWE-611 High Liferay Portal Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-43793) CVE-2025-43793 CWE-1284 CWE-1284 High Liferay Portal Incorrect Authorization Vulnerability (CVE-2021-33335) CVE-2021-33335 CWE-863 CWE-863 High Liferay Portal Incorrect Authorization Vulnerability (CVE-2024-25149) CVE-2024-25149 CWE-863 CWE-863 Medium Liferay Portal Incorrect Authorization Vulnerability (CVE-2024-25604) CVE-2024-25604 CWE-863 CWE-863 Medium Liferay Portal Incorrect Authorization Vulnerability (CVE-2024-38002) CVE-2024-38002 CWE-863 CWE-863 High Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-3586) CVE-2025-3586 CWE-863 CWE-863 High Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-43784) CVE-2025-43784 CWE-863 CWE-863 Medium Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-43789) CVE-2025-43789 CWE-863 CWE-863 Medium Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-43806) CVE-2025-43806 CWE-863 CWE-863 Medium Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-62243) CVE-2025-62243 CWE-863 CWE-863 Medium Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-62259) CVE-2025-62259 CWE-863 CWE-863 Medium Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-62275) CVE-2025-62275 CWE-863 CWE-863 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-29052) CVE-2021-29052 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324) CVE-2021-33324 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33327) CVE-2021-33327 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33333) CVE-2021-33333 CWE-276 CWE-276 Medium 1...73747576...327 74 / 327
