Lucene search
+L

786 matches found

NVD
NVD
added 2026/05/19 10:16 a.m.13 views

CVE-2026-31387

Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.3CVSS0.00515EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 a.m.20 views

CVE-2026-31906

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.1CVSS0.0044EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 a.m.19 views

CVE-2026-29207

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

6.5CVSS0.00541EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 a.m.18 views

CVE-2026-29226

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.3CVSS0.00473EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 a.m.18 views

CVE-2026-29220

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS0.00684EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:41 a.m.46 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

0.0055EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:41 a.m.32 views

CVE-2026-46586

CVE-2026-46586 affects Apache OFBiz prior to 24.09.06 and is described as an Improper Control of Generation of Code (Code Injection) and Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) vulnerability. The issue enables injection/execution through Groovy code in...

8.8CVSS5.8AI score0.0055EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:41 a.m.9 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

5.8AI score0.0055EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:41 a.m.7 views

CVE-2026-46586

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

5.8AI score0.0055EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 9:41 a.m.16 views

EUVD-2026-30876

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

7.3CVSS5.8AI score0.0055EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:41 a.m.3 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

8.8CVSS5.9AI score0.0055EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:40 a.m.9 views

CVE-2026-45434

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.22876EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 9:40 a.m.13 views

EUVD-2026-30877

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

8.8CVSS5.8AI score0.22876EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:40 a.m.26 views

CVE-2026-45434

CVE-2026-45434 describes an "Improper Authentication" vulnerability in Apache OFBiz caused by a Password-Change Logic Flaw that can lead to remote code execution. Affected versions are OFBiz before 24.09.06. The mitigation is to upgrade to version 24.09.06, which fixes the issue. The public docum...

9.8CVSS5.8AI score0.22876EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/19 9:40 a.m.152 views

CVE-2026-45434 Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.22876EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:40 a.m.1 views

CVE-2026-45434 Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.8CVSS6AI score0.22876EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/19 9:39 a.m.49 views

CVE-2026-45187 Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00513EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:39 a.m.7 views

CVE-2026-45187

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00513EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:39 a.m.13 views

CVE-2026-45187 Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00513EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:39 a.m.45 views

CVE-2026-45187

CVE-2026-45187 describes an improper authorization flaw in the Apache OFBiz Webtools component. The issue affects OFBiz versions before 24.09.06 and is documented as a vulnerability in the scheduled job creation flow that allows low-privileged users to submit system jobs. The CVSS 3.1 base score ...

6.5CVSS5.8AI score0.00513EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder