Lucene search
+L

786 matches found

CVE
CVE
added 2026/06/10 10:29 p.m.18 views

CVE-2026-47342

CVE-2026-47342 affects Apache OFBiz prior to 24.09.07 and is a privilege-escalation via updateOrRemove authorization bypass. The issue allows a low-privileged authenticated user to obtain higher privileges. The advisory recommends upgrading to 24.09.07 to fix the vulnerability. CVSS 3.1 base scor...

8.8CVSS5.4AI score0.00407EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/10 10:29 p.m.35 views

CVE-2026-47342 Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue...

0.00407EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:29 p.m.2 views

CVE-2026-47342 Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/10 10:29 p.m.8 views

CVE-2026-47342 Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue...

5.2AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 10:23 p.m.9 views

CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

5.5AI score0.00657EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 10:23 p.m.33 views

CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

0.00657EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:23 p.m.3 views

CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

8.8CVSS6AI score0.00657EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 10:23 p.m.30 views

CVE-2026-50223

CVE-2026-50223 affects Apache OFBiz prior to 24.09.07. It is caused by improper control of code generation (template injection) via DataResource editing by a low-privileged authenticated user, enabling possible Remote Code Execution. A fix is available in version 24.09.07; upgrading is recommende...

8.8CVSS5.5AI score0.00657EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.28 views

PT-2026-48576

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description Improper Control of Generation of Code allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks. This can lead to Remote...

6AI score0.00657EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had a code injection vulnerability. This vulnerability stemmed from improper co...

8.8CVSS5.8AI score0.00657EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48575

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description A privilege escalation issue in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges. This is achieved through an authorization bypass in the updateOrRemove...

8.8CVSS5.2AI score0.00407EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-29226

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.3CVSS5.4AI score0.00473EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-29220

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.4AI score0.00684EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-29207

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

6.5CVSS5.3AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-41919

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.4AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.15 views

CVE-2026-45187

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.4AI score0.00513EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-31906

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.1CVSS5.4AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-31986

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.4AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.15 views

CVE-2026-31380

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.4AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.13 views

CVE-2026-31379

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

6.1CVSS5.4AI score0.00588EPSS
Exploits0References1
Rows per page
Query Builder