EUVD-2026-30875
Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
EUVD-2026-30873
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
PT-2026-41857
Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
PT-2026-41860
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.06 Description: Improper Control of Generation of Code ('Code Injection') and Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in the 'traverseContent' service allow authenticat...
CVE-2019-12425
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host...
EUVD-2011-3559
Malware in sbrugna...
EUVD-2023-50985
Malicious code in bioql PyPI...
EUVD-2022-33566
Malicious code in bioql PyPI...
Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (United States). The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...
CVE-2024-47208
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue...
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...
CVE-2025-30676 Apache OFBiz: Stored XSS Vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page ('Basic XSS') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue...
CVE-2025-26865 Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only...
PT-2025-10463 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 18.12.17 through 18.12.18 Description: The issue is related to the improper neutralization of special elements used in a template engine, which can lead to remote code execution. This is a regression between versions...
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue...
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...
Apache OFBiz Code Execution Vulnerability (CNVD-2024-39150)
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (United States). The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz, which can be exploited by an attacker to execute...
CVE-2024-45195
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. Recent assessments: remmons-r7 at September 25, 2024 3:32pm UTC reported: Apache OFBiz is an open-source...
Apache OFBiz Authorization Error Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (United States). The system provides a set of Java-based Web application components and tools. An authorization error vulnerability exists in Apache OFBiz versions 18.12.14 and earlier, which could be...
Apache OFBiz resolveURI Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveURI method. The issue results from improper URI validation...