In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha a medium severity vulnerability CVE-2025-9823 was detected. This vulnerability allows attackers to run arbitrary JavaScript in another user’s browser session by exploiting a reflected XSS in the lead:addLeadTags endpoint. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9823.
Read more Marketing AutomationIn Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha a medium severity vulnerability CVE-2025-9822 was detected. This vulnerability allows an administrator to change application configuration and access secrets, such as database credentials, that are normally restricted. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9822.
Read more Marketing AutomationIn Liferay Portal versions 7.4.3.27 through 7.4.3.42, and Liferay DXP versions 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 27 through update 42 a high severity vulnerability CVE-2025-3586 was detected. This vulnerability allows an authenticated administrator with the Instance Administrator role to execute arbitrary Groovy scripts (i.e., remote code execution) through the Objects module. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.43 and Liferay DXP to versions 2024.Q2.0 or 2024.Q3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3586.
Read more CMSIn Mautic versions 4.4.0 through 4.4.16, 5.0.0-alpha through 5.2.7, and 6.0.0-alpha through 6.0.4 a low severity vulnerability CVE-2025-9821 was detected. This vulnerability allows a user with webhook permissions to perform a Server-Side Request Forgery (SSRF) attack by sending webhooks to an unvalidated destination. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9821.
Read more Marketing AutomationIn Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.1, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.18 a medium severity vulnerability CVE-2025-43773 was detected. This vulnerability allows for improper access through the expandoTableLocalService. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q2.1, 2025.Q1.15 or 2024.Q1.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43773.
Read more CMSIn Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43752 was detected. This vulnerability allows an attacker to upload an unlimited amount of files through the object entries attachment fields, which can lead to a potential Denial-of-Service (DoS). To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q1.5, 2025.Q2.0 or 2024.Q1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43752.
Read more CMSIn Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43750 was detected. This vulnerability allows an unauthenticated attacker to upload files via the form attachment field without proper validation, which enables extension obfuscation and bypassing MIME type checks. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q1.2 or 2025.Q2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43750.
Read more CMSIn Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 a medium severity vulnerability CVE-2025-43749 was detected. This vulnerability allows an unauthenticated attacker to access files uploaded in the form and stored in the document_library. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q1.2, 2025.Q2.0 or 2024.Q1.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43749.
Read more CMSIn Liferay Portal versions 7.0.0 through 7.4.3.119, and Liferay DXP versions 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions a high severity vulnerability CVE-2025-43748 was detected. This vulnerability allows an attacker to execute Cross-Site Request Forgery attacks against omni-administrator users. To address this issue, users should upgrade Liferay Portal to version 7.4.3.120 and Liferay DXP to versions 2025.Q1.7 or 2025.Q2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43748.
Read more CMS