In Liferay Portal versions 7.4.3.45 through 7.4.3.128 and Liferay DXP versions 2024.Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92, a medium-severity vulnerability, CVE-2025-43785, was detected. This vulnerability allows attackers to execute arbitrary web script or HTML in the My Workflow Tasks page. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129 or later, and Liferay DXP to versions 2024.Q2.10 or 2024.Q1.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43785.
In GitLab Community Edition and Enterprise Edition, all versions prior to 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1, a medium-severity vulnerability, CVE-2025-5101, was detected. This vulnerability allows an authenticated attacker, under certain conditions, to distribute malicious code that appears harmless in the web interface by exploiting ambiguity between branches and tags during repository imports. To address this issue, users should upgrade GitLab to versions 18.1.5, 18.2.5, 18.3.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5101.
In Liferay Portal versions 7.4.3.110 through 7.4.3.128, and Liferay DXP versions 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12, a medium-severity vulnerability, CVE-2025-43781, was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the URL in the search bar portlet, leading to reflected cross-site scripting. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129, or Liferay DXP to versions 2024.Q1.13, 2024.Q3.2 or 2024.Q4.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43781.
In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19, and 7.4 GA through update 92, a medium-severity vulnerability, CVE-2025-43776, was detected. This vulnerability allows a remote authenticated attacker to inject JavaScript through a Custom Object field label. To address this issue, users should upgrade Liferay Portal to the latest patched version on the master branch, or Liferay DXP to versions 2024.Q1.20, 2025.Q1.17, or 2025.Q2.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43776.
In Liferay Portal versions 7.4.0 through 7.4.3.128, and Liferay DXP versions 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92, a medium-severity vulnerability, CVE-2025-43775, was detected. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the remote app title field, leading to stored cross-site scripting. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129, or Liferay DXP to versions 2024.Q1.13, 2024.Q3.6 or 2024.Q4.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43775.
In SonarQube Server and Cloud versions 4 through 5.3.0, a high-severity vulnerability, CVE-2025-58178, was detected. This vulnerability allows untrusted input arguments in the SonarQube Scan GitHub Action to be processed without proper sanitization, leading to command injection. To address this issue, users should upgrade SonarQube to version 5.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-58178.
In Liferay Portal versions 7.4.0 through 7.4.3.128, and Liferay DXP versions 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92, a medium-severity vulnerability, CVE-2025-43786, was detected. This vulnerability allows attackers to determine which ERCs exist in the application by exploiting the response time. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129, or Liferay DXP to versions 2024.Q1.13, 2024.Q3.2 or 2024.Q4.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43786.
In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.19, a medium-severity vulnerability, CVE-2025-43777, was detected. This vulnerability causes an “Internal Server Error” to be returned in the response body when a login attempt is made using a deleted Client Secret. To address this issue, users should upgrade Liferay Portal to the master branch and Liferay DXP to versions 2025.Q2.10, 2025.Q1.17, or 2024.Q1.20. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43777.
In Liferay Portal version 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.17, a medium-severity vulnerability, CVE-2025-43774, was detected. This vulnerability allows a remote authenticated user to inject JavaScript code via the Style Book theme name. The malicious payload is then reflected and executed within the user’s browser. To address this issue, users should upgrade Liferay Portal to the master branch and Liferay DXP to version 2025.Q1.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43774.