Com.liferay.portal:com.liferay.portal.kernel
This hub aggregates every CVE we track for Com.liferay.portal:com.liferay.portal.kernel, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
1
Critical
3
High
1
In CISA KEV
Severity distribution
HIGH3MEDIUM2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
1
0
1
2
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Com.liferay.portal:com.liferay.portal.kernel.
- CVE-2025-43792Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35,...5.3
- CVE-2025-43793Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsuppo...7.5
- CVE-2025-43770A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024...6.1
- CVE-2025-3526SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request par...7.5
- CVE-2024-25607The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 be...8.1
- CVE-2020-7961Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).KEV9.8
Product normalization is registry-driven with AI assist and human review. How it works