20 matches found

Positive Technologies · added 2026/05/19 12:00 a.m. · 13 views

PT-2026-41860

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.06. Description: Improper Control of Generation of Code ('Code Injection') and Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in the 'traverseContent' service allow authenticat...

CVSS 8.8 · AI score 5.9 · EPSS 0.0055 · Exploits 0 · References 5

RedhatCVE · added 2026/01/07 9:27 a.m. · 9 views

CVE-2019-12425

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host...

CVSS 7.5 · AI score 7.3 · EPSS 0.04665 · Exploits 0 · References 1

EUVD · added 2025/10/03 8:07 p.m. · 5 views

EUVD-2023-50985

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.6 · EPSS 0.01793 · Exploits 0 · References 4

EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-33566

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.0175 · Exploits 0 · References 2

CNVD · added 2025/08/26 12:00 a.m. · 4 views

Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...

CVSS 9.8 · AI score 8.4 · EPSS 0.13995 · Exploits 0 · References 1

RedhatCVE · added 2025/05/23 6:38 a.m. · 13 views

CVE-2024-47208

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue...

CVSS 9.8 · AI score 7.1 · EPSS 0.01609 · Exploits 0 · References 1

RedhatCVE · added 2025/05/23 1:25 a.m. · 8 views

CVE-2022-25813

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...

CVSS 7.5 · AI score 6.7 · EPSS 0.67261 · Exploits 1 · References 1

Cvelist · added 2025/04/01 2:43 p.m. · 16 views

CVE-2025-30676 Apache OFBiz: Stored XSS Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page ('Basic XSS') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue...

EPSS 0.65347 · Exploits 0 · References 4

Cvelist · added 2025/03/10 2:01 p.m. · 34 views

CVE-2025-26865 Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only...

EPSS 0.00623 · Exploits 0 · References 4

Positive Technologies · added 2025/02/17 12:00 a.m. · 5 views

PT-2025-10463 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 18.12.17 through 18.12.18. Description: The issue is related to the improper neutralization of special elements used in a template engine, which can lead to remote code execution. This is a regression between versions...

CVSS 3.6 · AI score 4.5 · EPSS 0.00623 · Exploits 0 · References 26

RedhatCVE · added 2025/02/14 11:39 a.m. · 17 views

CVE-2024-32113

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue...

CVSS 9.8 · AI score 9.6 · EPSS 0.99442 · Exploits 7 · References 1

Rapid7 Blog · added 2024/09/05 2:54 p.m. · 60 views

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...

CVSS 9.8 · AI score 9.8 · EPSS 0.99983 · Exploits 15

CNVD · added 2024/09/04 12:00 a.m. · 8 views

Apache OFBiz Code Execution Vulnerability (CNVD-2024-39150)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based web application components and tools. A code execution vulnerability exists in Apache OFBiz, which can be exploited by an attacker to execute...

CVSS 9.8 · AI score 7.8 · EPSS 0.93243 · Exploits 0 · References 1

ATTACKERKB · added 2024/09/04 12:00 a.m. · 166 views

CVE-2024-45195

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. Recent assessments: remmons-r7 at September 25, 2024 3:32pm UTC reported: Apache OFBiz is an open-source...

CVSS 9.8 · AI score 8.6 · EPSS 0.99983 · In wild · Exploits 15 · References 5

CNVD · added 2024/08/07 12:00 a.m. · 10 views

Apache OFBiz Authorization Error Vulnerability

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based web application components and tools. An authorization error vulnerability exists in Apache OFBiz versions 18.12.14 and earlier, which could be...

CVSS 9.8 · AI score 7.2 · EPSS 0.99427 · Exploits 10 · References 1

Zero Day Initiative · added 2024/08/06 12:00 a.m. · 7 views

Apache OFBiz resolveURI Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveURI method. The issue results from improper URI validation...

CVSS 9.8 · AI score 7.1 · EPSS 0.99427 · Exploits 10 · References 1

Positive Technologies · added 2023/12/26 12:00 a.m. · 7 views

PT-2023-8022

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.11. Description: The vulnerability allows attackers to bypass authentication processes, enabling them to remotely execute arbitrary code. This issue is related to insufficient validation of incoming requests...

CVSS 9.8 · AI score 7.5 · EPSS 0.96001 · Exploits 12 · References 134

Positive Technologies · added 2023/12/04 12:00 a.m. · 8 views

PT-2023-7705 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.10. Description: The issue is related to a pre-authentication remote code execution vulnerability in Apache OFBiz due to the presence of unmaintained XML-RPC. This vulnerability allows an attacker to execut...

CVSS 9.8 · AI score 9.8 · EPSS 0.96001 · Exploits 16 · References 76

CNVD · added 2021/04/28 12:00 a.m. · 14 views

Apache OFBiz Remote Code Execution Vulnerability

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based web application components and tools. A remote code execution vulnerability exists in Apache OFBiz versions prior to 17.12.07; the vulnerability stems from...

CVSS 9.8 · AI score 7.7 · EPSS 0.5537 · Exploits 0 · References 1

Positive Technologies · added 2021/03/22 12:00 a.m. · 2 views

PT-2021-2512 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 17.12.06. Description: The issue is related to unsafe deserialization in Apache OFBiz, allowing an unauthenticated attacker to take over the system. This can impact the confidentiality, integrity, and availabilit...

CVSS 9.8 · AI score 8.2 · EPSS 0.97969 · Exploits 9 · References 43