Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33334) CVE-2021-33334 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-38268) CVE-2021-38268 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-26595) CVE-2022-26595 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-41414) CVE-2022-41414 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42127) CVE-2022-42127 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42128) CVE-2022-42128 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42130) CVE-2022-42130 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2024-25605) CVE-2024-25605 CWE-276 CWE-276 Medium Liferay Portal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-43808) CVE-2025-43808 CWE-732 CWE-732 Medium Liferay Portal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-62251) CVE-2025-62251 CWE-732 CWE-732 Medium Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-42124) CVE-2022-42124 CWE-1333 CWE-1333 High Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2023-33950) CVE-2023-33950 CWE-1333 CWE-1333 High Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2025-43764) CVE-2025-43764 CWE-1333 CWE-1333 Medium Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2023-33949) CVE-2023-33949 CWE-1188 CWE-1188 High Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2024-25610) CVE-2024-25610 CWE-1188 CWE-1188 Medium Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2024-26267) CVE-2024-26267 CWE-1188 CWE-1188 Medium Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2025-43797) CVE-2025-43797 CWE-1188 CWE-1188 Medium Liferay Portal Insertion of Sensitive Information into Log File Vulnerability (CVE-2025-62262) CVE-2025-62262 CWE-532 CWE-532 Medium Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43768) CVE-2025-43768 CWE-201 CWE-201 High Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43814) CVE-2025-43814 CWE-201 CWE-201 Medium Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43825) CVE-2025-43825 CWE-201 CWE-201 Medium Liferay Portal Insufficiently Protected Credentials Vulnerability (CVE-2021-29043) CVE-2021-29043 CWE-522 CWE-522 Medium Liferay Portal Insufficient Session Expiration Vulnerability (CVE-2021-33322) CVE-2021-33322 CWE-613 CWE-613 High Liferay Portal Insufficient Session Expiration Vulnerability (CVE-2025-43819) CVE-2025-43819 CWE-613 CWE-613 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2022-38512) CVE-2022-38512 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2022-39975) CVE-2022-39975 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2023-3426) CVE-2023-3426 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2023-33948) CVE-2023-33948 CWE-862 CWE-862 High Liferay Portal Missing Authorization Vulnerability (CVE-2025-43773) CVE-2025-43773 CWE-862 CWE-862 Critical Liferay Portal Missing Authorization Vulnerability (CVE-2025-43788) CVE-2025-43788 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2025-43805) CVE-2025-43805 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2025-62247) CVE-2025-62247 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2025-62256) CVE-2025-62256 CWE-862 CWE-862 Medium Liferay Portal Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2025-43816) CVE-2025-43816 CWE-401 CWE-401 High Liferay Portal Observable Discrepancy Vulnerability (CVE-2024-25146) CVE-2024-25146 CWE-203 CWE-203 Medium Liferay Portal Observable Discrepancy Vulnerability (CVE-2024-26268) CVE-2024-26268 CWE-203 CWE-203 Medium Liferay Portal Observable Discrepancy Vulnerability (CVE-2025-43786) CVE-2025-43786 CWE-203 CWE-203 Medium Liferay Portal Observable Timing Discrepancy Vulnerability (CVE-2025-43754) CVE-2025-43754 CWE-208 CWE-208 Medium Liferay Portal Origin Validation Error Vulnerability (CVE-2022-25146) CVE-2022-25146 CWE-346 CWE-346 Medium Liferay Portal Origin Validation Error Vulnerability (CVE-2025-62250) CVE-2025-62250 CWE-346 CWE-346 Medium Liferay Portal Other Vulnerability (CVE-2023-33946) CVE-2023-33946 Medium Liferay Portal Other Vulnerability (CVE-2023-33947) CVE-2023-33947 Medium Liferay Portal Other Vulnerability (CVE-2024-25150) CVE-2024-25150 Medium Liferay Portal Other Vulnerability (CVE-2024-26270) CVE-2024-26270 Medium Liferay Portal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5327) CVE-2010-5327 CWE-264 CWE-264 High Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4581) CVE-2025-4581 CWE-918 CWE-918 High Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4655) CVE-2025-4655 CWE-918 CWE-918 Medium Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-43763) CVE-2025-43763 CWE-918 CWE-918 Medium Liferay Portal Session Fixation Vulnerability (CVE-2023-47798) CVE-2023-47798 CWE-384 CWE-384 Medium Liferay Portal Unchecked Input for Loop Condition Vulnerability (CVE-2025-43801) CVE-2025-43801 CWE-606 CWE-606 High Liferay Portal Uncontrolled Resource Consumption Vulnerability (CVE-2025-43796) CVE-2025-43796 CWE-400 CWE-400 High Liferay Portal Uncontrolled Resource Consumption Vulnerability (CVE-2025-62260) CVE-2025-62260 CWE-400 CWE-400 High Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-10795) CVE-2018-10795 CWE-434 CWE-434 High Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-15839) CVE-2020-15839 CWE-434 CWE-434 Medium Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766) CVE-2025-43766 CWE-434 CWE-434 Critical Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554) CVE-2020-24554 CWE-601 CWE-601 High Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331) CVE-2021-33331 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977) CVE-2022-28977 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-5190) CVE-2023-5190 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-35029) CVE-2023-35029 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25608) CVE-2024-25608 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25609) CVE-2024-25609 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43767) CVE-2025-43767 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43795) CVE-2025-43795 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-62253) CVE-2025-62253 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-62266) CVE-2025-62266 CWE-601 CWE-601 Medium Liferay Portal Use of Default Password Vulnerability (CVE-2025-43799) CVE-2025-43799 Medium Liferay Portal Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2024-25607) CVE-2024-25607 CWE-916 CWE-916 High Liferay Portal Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-62276) CVE-2025-62276 CWE-525 CWE-525 Medium Liferay Portal Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-33321) CVE-2021-33321 CWE-640 CWE-640 High Liferay TunnelServlet Deserialization Remote Code Execution CWE-502 CWE-502 High Liferay version older than 7.0 CWE-502 CWE-502 High Liferay version older than 7.1 CWE-918 CWE-918 Medium Liferay XMLRPC Blind SSRF CWE-918 CWE-918 Medium lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9441) CVE-2014-9441 CWE-352 CWE-352 Medium 1...74757677...327 75 / 327
