{"url":"http://public2.vulnerablecode.io/api/packages/809308?format=json","purl":"pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.85","type":"maven","namespace":"com.liferay","name":"com.liferay.portal.vulcan.impl","version":"5.0.85","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.127","latest_non_vulnerable_version":"5.0.127","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88408?format=json","vulnerability_id":"VCID-53r6-urqs-afes","summary":"Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing queries that return a large number of objects.","references":[{"reference_url":"http://github.com/liferay/liferay-portal/commit/8f7eb98e05a5ea6961346ecc21fd73e4b46bba99","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/liferay/liferay-portal/commit/8f7eb98e05a5ea6961346ecc21fd73e4b46bba99"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43796","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45496","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43796"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/2e4adf041e31f3474a14c29b7c135693f6529400","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/2e4adf041e31f3474a14c29b7c135693f6529400"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/2f74f23982fb03238f9b4ae145c33a9c1084f07e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/2f74f23982fb03238f9b4ae145c33a9c1084f07e"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/3780804b0d8f4f14bfca470a3e2e662bc6cef588","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/3780804b0d8f4f14bfca470a3e2e662bc6cef588"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8344aec3bebcd2ca409794523d5db5be6047c3dd","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/8344aec3bebcd2ca409794523d5db5be6047c3dd"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/83e77963499d4d3e7cc82cc48e63c992f6f29a6d","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/83e77963499d4d3e7cc82cc48e63c992f6f29a6d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8dda4adc0e9e7b6f82d4b3959592cad61640309b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/8dda4adc0e9e7b6f82d4b3959592cad61640309b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43796","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43796"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43796","reference_id":"CVE-2025-43796","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T19:27:21Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43796"},{"reference_url":"https://github.com/advisories/GHSA-f3hf-r62c-mfrj","reference_id":"GHSA-f3hf-r62c-mfrj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f3hf-r62c-mfrj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376781?format=json","purl":"pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.105","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e3n1-c81q-y7br"},{"vulnerability":"VCID-eng3-2741-47fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.105"}],"aliases":["CVE-2025-43796","GHSA-f3hf-r62c-mfrj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53r6-urqs-afes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88407?format=json","vulnerability_id":"VCID-e3n1-c81q-y7br","summary":"Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit the time response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43786","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19544","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43786"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8f9728086bd61661437b0aa8493c83510914a474","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/8f9728086bd61661437b0aa8493c83510914a474"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/e34499eab2ce1d544835835afe6733a78b4ab532","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/e34499eab2ce1d544835835afe6733a78b4ab532"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/e4a140d6d92e92911f08fe33051b677742531f19","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/e4a140d6d92e92911f08fe33051b677742531f19"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-18106","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-18106"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43786","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43786"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43786","reference_id":"CVE-2025-43786","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-10T15:57:30Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43786"},{"reference_url":"https://github.com/advisories/GHSA-9p7x-8c57-4pqv","reference_id":"GHSA-9p7x-8c57-4pqv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9p7x-8c57-4pqv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376777?format=json","purl":"pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.127","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.127"}],"aliases":["CVE-2025-43786","GHSA-9p7x-8c57-4pqv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3n1-c81q-y7br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88511?format=json","vulnerability_id":"VCID-eng3-2741-47fm","summary":"A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43816","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34091","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43816"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-18005","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-18005"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816","reference_id":"CVE-2025-43816","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T17:38:55Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43816","reference_id":"CVE-2025-43816","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43816"},{"reference_url":"https://github.com/advisories/GHSA-hrqm-qpw9-w8rv","reference_id":"GHSA-hrqm-qpw9-w8rv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hrqm-qpw9-w8rv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33966?format=json","purl":"pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e3n1-c81q-y7br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.115"}],"aliases":["CVE-2025-43816","GHSA-hrqm-qpw9-w8rv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eng3-2741-47fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127391?format=json","vulnerability_id":"VCID-v1t7-ftn6-1bcw","summary":"Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3602","reference_id":"","reference_type":"","scores":[{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.6829","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3602"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/6c6dad38c9c891ad58cdee9deb2e35432d7e8816","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/6c6dad38c9c891ad58cdee9deb2e35432d7e8816"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3602","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3602"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3602","reference_id":"CVE-2025-3602","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T14:29:39Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3602"},{"reference_url":"https://github.com/advisories/GHSA-8c26-xm99-53w7","reference_id":"GHSA-8c26-xm99-53w7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8c26-xm99-53w7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378707?format=json","purl":"pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53r6-urqs-afes"},{"vulnerability":"VCID-e3n1-c81q-y7br"},{"vulnerability":"VCID-eng3-2741-47fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.103"}],"aliases":["CVE-2025-3602","GHSA-8c26-xm99-53w7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1t7-ftn6-1bcw"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.vulcan.impl@5.0.85"}