com.liferay.portal:release.portal.bom vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-62264Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId ParameterCVE-2025-62265Mediumcom.liferay.portal:release.portal.bom: Liferay Portal is vulnerable to XSS in the Blogs widgetCVE-2025-62266Mediumcom.liferay.portal:release.portal.bom: Liferay Portal is vulnerable to DNS rebinding attacksCVE-2025-62257Mediumcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to password enumerationCVE-2025-62258Highcom.liferay.portal:release.portal.bom: Liferay Portal Vulnerable to CSRF in Headless APIsCVE-2025-62260Highcom.liferay.portal:release.portal.bom: Liferay Portal Vulnerable to DoS via Crafted Headless API RequestCVE-2025-62259Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Does Not Limit Access to APIs Before Email VerificationCVE-2025-62261Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Stores Password Reset Tokens in Plain TextCVE-2025-43830Mediumcom.liferay.portal:release.portal.bom: Liferay Portal is vulnerable to Stored XSS through Forms text type fieldCVE-2025-43823Mediumcom.liferay.portal:release.portal.bom: Liferay Portal is vulnerable to XSS through its Commerce Search Result widgetCVE-2025-43822Mediumcom.liferay.portal:release.portal.bom: Liferay Portal has multiple Stored XSS vulnerabilities on its View Order pageCVE-2025-43824Mediumcom.liferay.portal:release.portal.bom: Liferay Profile Widget does not prevent vCard extension spoofingCVE-2025-43826Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Vulnerable to XSS in Web Content translationCVE-2025-43812Mediumcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to cross-site scripting in the web content templateCVE-2025-43820Mediumcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to cross-site scripting in the Calendar widgetCVE-2025-43817Mediumcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameterCVE-2025-43813Mediumcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServletCVE-2025-43799Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Uses Default PasswordCVE-2025-43785Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to Stored Cross-site ScriptingCVE-2025-43776Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to store Cross-site ScriptingCVE-2025-43760Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirectCVE-2025-43752Mediumcom.liferay.portal:release.portal.bom: Liferay Portal's Unlimited File Upload Could Result in DoSCVE-2025-43754Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Username Enumeration VulnerabilityCVE-2025-43756Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet ParameterCVE-2025-43746Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping

Stop the waste.
Protect your environment with Kodem.