| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Vulnerability of improper access control in the album module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| File replacement vulnerability on some devices
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| Permission control vulnerability in the clipboard module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the ability module
Impact: Successful exploitation of this vulnerability may cause features to function abnormally. |
| Vulnerability of processes not being fully terminated in the VPN module
Impact: Successful exploitation of this vulnerability will affect power consumption. |
| Page table protection configuration vulnerability in the trusted firmware module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Access control vulnerability in the SystemUI module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of PIN enhancement failures in the screen lock module
Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
| Access permission verification vulnerability in the Notepad module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the App Multiplier module
Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality. |
| Access control vulnerability in the security verification module
mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| Access permission verification vulnerability in the Contacts module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.
Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.
You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.
This CVE is published in conjunction with CVE-2025-41249 https://spring.io/security/cve-2025-41249 . |
| Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks. |
