Lucene search
K

785 matches found

OSV
OSV
added 2026/05/19 9:39 a.m.4 views

CVE-2026-45187 Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.9AI score0.00513EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:36 a.m.10 views

CVE-2026-41919

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00454EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:36 a.m.47 views

CVE-2026-41919 Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00454EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:36 a.m.30 views

CVE-2026-41919

CVE-2026-41919 is an LDAP Injection vulnerability in Apache OFBiz caused by improper neutralization of LDAP special elements in DN construction. The issue affects OFBiz versions before 24.09.06. Upgrading to 24.09.06 fixes the vulnerability. The CVE list also notes the potential impact as authent...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/19 9:36 a.m.16 views

EUVD-2026-30875

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:36 a.m.2 views

CVE-2026-41919 Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.9AI score0.00454EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 9:36 a.m.21 views

CVE-2026-41919 Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00454EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:36 a.m.7 views

CVE-2026-35086

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00497EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 9:36 a.m.23 views

CVE-2026-35086

CVE-2026-35086 affects Apache OFBiz prior to 24.09.06, describing an improper control of code generation in the email services (code injection). The vulnerability is tied to Unsafe Template Expansion and is associated with authenticated remote execution in some listings; vendor guidance recommend...

6.5CVSS5.8AI score0.00497EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:36 a.m.16 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00497EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:36 a.m.49 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00497EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:36 a.m.3 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.9AI score0.00497EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 9:34 a.m.11 views

CVE-2026-31986 Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00421EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:34 a.m.12 views

EUVD-2026-30873

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.8AI score0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:34 a.m.46 views

CVE-2026-31986 Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00421EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:34 a.m.31 views

CVE-2026-31986

CVE-2026-31986 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is described as a use of a hard-coded cryptographic key, enabling unauthenticated access/impact via default JWT signing key and widget/template injection per CVE listings. The root cause is tied to a hard-coded k...

9.1CVSS5.8AI score0.00421EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:34 a.m.7 views

CVE-2026-31986

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00421EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 9:34 a.m.3 views

CVE-2026-31986 Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.9AI score0.00421EPSS
Exploits0References4
CVE
CVE
added 2026/05/19 9:33 a.m.22 views

CVE-2026-31910

CVE-2026-31910 (Apache OFBiz) is an SSRF vulnerability tied to improper input validation in UI Factory Classes. Affected software is Apache OFBiz prior to 24.09.06. The issue enables Server-Side Request Forgery and is addressed by upgrading to version 24.09.06, which contains the fix. No exploita...

7.5CVSS5.8AI score0.0046EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/19 9:33 a.m.13 views

EUVD-2026-30870

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.5CVSS5.8AI score0.0046EPSS
Exploits0References1
Rows per page
Query Builder