Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

32 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:47 p.m.5 views

CVE-2026-45187

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.4AI score0.00513EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:45 p.m.7 views

CVE-2026-31378

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.4AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:45 p.m.5 views

CVE-2026-31909

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.5CVSS5.4AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:45 p.m.7 views

CVE-2026-31387

Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.3CVSS5.4AI score0.00515EPSS
Exploits0References1
NVD
NVDadded 2026/05/19 10:16 a.m.11 views

CVE-2026-41919

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS0.00454EPSS
Exploits0References2
NVD
NVDadded 2026/05/19 10:16 a.m.12 views

CVE-2026-31388

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.3CVSS0.00416EPSS
Exploits0References2
NVD
NVDadded 2026/05/19 10:16 a.m.10 views

CVE-2026-29220

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS0.00684EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/19 9:41 a.m.11 views

EUVD-2026-30876

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

7.3CVSS5.8AI score0.0055EPSS
Exploits0References1
CVE
CVEadded 2026/05/19 9:40 a.m.21 views

CVE-2026-45434

CVE-2026-45434 describes an "Improper Authentication" vulnerability in Apache OFBiz caused by a Password-Change Logic Flaw that can lead to remote code execution. Affected versions are OFBiz before 24.09.06. The mitigation is to upgrade to version 24.09.06, which fixes the issue. The public docum...

9.8CVSS5.8AI score0.01237EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/19 9:39 a.m.4 views

CVE-2026-45187

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00513EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/19 9:39 a.m.8 views

EUVD-2026-30874

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.8AI score0.00513EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/19 9:34 a.m.3 views

CVE-2026-31986

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00421EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/19 9:32 a.m.7 views

EUVD-2026-30871

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.5CVSS5.8AI score0.00486EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/19 9:24 a.m.8 views

EUVD-2026-30862

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.8AI score0.00487EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/19 9:24 a.m.5 views

CVE-2026-31380 Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00487EPSS
Exploits0References1
CVE
CVEadded 2026/05/19 9:22 a.m.16 views

CVE-2026-31379

CVE-2026-31379 affects Apache OFBiz prior to version 24.09.06. The incident combines multiple flaws: improper neutralization of input (XSS), path traversal restricting directory access, and improper generation of code, enabling a path traversal/file upload validation bypass with potential arbitra...

6.1CVSS5.8AI score0.00588EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/19 9:21 a.m.7 views

EUVD-2026-30856

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.8AI score0.00574EPSS
Exploits0References1
CVE
CVEadded 2026/05/19 9:16 a.m.15 views

CVE-2026-29220

CVE-2026-29220 is a path traversal in Apache OFBiz (affects versions prior to 24.09.06). The root cause is improper limitation of a pathname to a restricted directory, exposing potential unauthorized access to files. The advisory’s impact, per CVSS 3.1, is a low confidentiality and integrity impa...

6.5CVSS5.8AI score0.00684EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/19 12:0 a.m.7 views

PT-2026-41846

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00473EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/19 12:0 a.m.10 views

PT-2026-41847

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00574EPSS
Exploits0References2
Rows per page
Query Builder