In Ghost versions 6.0.0 through 6.0.8, and 5.99.0 through 5.130.3 a medium severity vulnerability CVE-2025-9862 was detected. This vulnerability allows attackers to access internal resources through a Server-Side Request Forgery (SSRF) exploit. To fix this problem, users should upgrade to Ghost 5.130.4 or 6.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9862.
Read more CMSIn Liferay Portal versions 7.3.0 through 7.4.3.111, Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a medium severity vulnerability CVE-2025-43805 was detected. This vulnerability allows remote attackers to view display page templates via crafted URLs due to missing authorization checks. To fix this problem, users should upgrade to Liferay Portal 7.4.3.112, Liferay DXP 2024.Q1.1, Liferay DXP 2023.Q4.0, Liferay DXP 2023.Q3.5, or Liferay DXP 7.3 U36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43805.
Read more CMSp>In Liferay Portal versions 7.4.0 through 7.4.3.124, and Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 a medium severity vulnerability CVE-2025-43788 was detected. This vulnerability allows attackers to obtain a list of all organizations because the organization selector does not check user permission. To fix this problem, users should upgrade to Liferay Portal 7.4.3.125, Liferay DXP 2024.Q1.13, Liferay DXP 2024.Q2.1, or Liferay DXP 2024.Q3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43788.
Read more CMSIn Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.20 a medium severity vulnerability CVE-2025-43787 was detected. This vulnerability allows attackers to inject JavaScript through the organization site names, which is stored and executed without proper sanitization or escaping. To fix this problem, users should upgrade to Liferay Portal fixed on master branch, Liferay DXP 2024.Q1.21, or Liferay DXP 2025.Q3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43787.
Read more CMSIn Liferay Portal versions 7.4.0 through 7.4.3.124, and Liferay DXP versions 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43782 was detected. This vulnerability allows attackers to access a workflow definition by name via the API because of an insecure direct object reference. To fix this problem, users should upgrade to Liferay Portal 7.4.3.125, Liferay DXP 2024.Q1.13, Liferay DXP 2024.Q2.8, or Liferay DXP 2024.Q3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43782.
Read more CMSIn Liferay Portal versions 7.4.0 through 7.4.3.101 and Liferay DXP versions 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 a medium severity vulnerability CVE-2025-43796 was detected. This vulnerability allows remote attackers to perform denial-of-service attacks on the application by executing GraphQL queries that return a large number of objects without restriction. To address this issue, users should upgrade Liferay Portal to version 7.4.3.102 or later, and Liferay DXP to version 2023.Q3.5, 7.4 update 93, or 7.3 update 36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43796.
Read more CMSIn Liferay Portal versions 7.4.0 through 7.4.3.124 and Liferay DXP versions 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 a high severity vulnerability CVE-2025-43790 was detected. This vulnerability allows remote authenticated users from one virtual instance to access, create, edit, and relate data/object entries or definitions to an object in a different virtual instance. To address this issue, users should upgrade Liferay Portal to version 7.4.3.125 or later, and Liferay DXP to version 2024.Q2.7, 2024.Q1.13, or 7.4 update 93. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43790.
Read more CMSIn Liferay Portal versions 7.4.3.73 through 7.4.3.128 and Liferay DXP versions 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 73 through update 92 a medium severity vulnerability CVE-2025-43783 was detected. This vulnerability allows attackers to inject arbitrary web script or HTML via the /c/portal/comment/discussion/get_editor path. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129 or later, and Liferay DXP to versions 2024.Q3.2, 2024.Q2.14, or 2024.Q1.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43783.
In Liferay Portal versions 7.4.0 through 7.4.3.124 and Liferay DXP versions 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 a midium severity vulnerability CVE-2025-43784 was detected. This vulnerability allows guest users to obtain object entries information via the API Builder. To address this issue, users should upgrade Liferay Portal to version 7.4.3.125 or later, and Liferay DXP to versions 2024.Q2.9 or 2024.Q1.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43784.
Read more CMS