In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43731 was detected. This vulnerability allows remote authenticated attackers to inject JavaScript in message board threads and categories, leading to reflected cross-site scripting (XSS). To address this issue, users should upgrade Liferay Portal to the master branch, where the issue is fixed, and Liferay DXP to versions 2025.Q2.0, 2025.Q1.9 or 2024.Q1.17. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43731.
In Adobe Commerce versions 2.4.9-alpha1 and earlier a high severity vulnerability CVE-2025-49556 was detected. This vulnerability allows attackers to bypass security measures and gain unauthorized read access. To address this issue, users should upgrade Adobe Commerce to versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49556.
In Adobe Commerce versions 2.4.9-alpha1 and earlier a high severity vulnerability CVE-2025-49557 was detected. This vulnerability allows low-privileged attackers to inject malicious scripts into form fields, potentially escalating privileges or compromising sensitive user data. Exploitation requires user interaction by visiting the vulnerable page. To address this issue, users should upgrade Adobe Commerce to versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49557.
In Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability CVE-2025-49558 was detected. This vulnerability allows attackers to bypass security features by exploiting a Time-of-check Time-of-use (TOCTOU) Race Condition, enabling unauthorized write access. To address this issue, users should upgrade Magento to versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49558.
In Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability CVE-2025-49554 was detected. This vulnerability allows attackers to cause a denial-of-service (DoS) condition by providing specially crafted input, leading the application to crash or become unresponsive. To address this issue, users should upgrade Adobe Commerce to versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49554.
In Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability CVE-2025-49555 was detected. This vulnerability allows attackers to escalate privileges through CSRF by tricking authenticated users into performing unintended actions, potentially enabling unauthorized access or modification of sensitive data. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49555.
In Dolibarr ERP/CRM versions up to and including 3.1.1 and 3.2.0 a critical severity vulnerability CVE-2012-10059 was detected. This vulnerability allows authenticated attackers to execute arbitrary system commands via the database backup feature, due to improper sanitization of the sql_compat parameter in the export.php script. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-10059.
In Umbraco CMS versions prior to 4.7.1 a critical severity vulnerability CVE-2012-10054 was detected. This vulnerability allows attackers to upload and run malicious files on the website without needing to log in. To fix this issue, users should upgrade Umbraco CMS to version 4.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-10054.
In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43734 was detected. This vulnerability allows remote authenticated attackers to inject JavaScript code into the “first display label” field of a custom sort widget, which is then reflected and executed by the clay button taglib when the page is refreshed. To address this issue, users should upgrade Liferay Portal to the master branch and Liferay DXP to versions 2025.Q2.0, 2025.Q1.11 or 2024.Q1.17. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43734.