20 matches found
CVE-2026-45434 Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
EUVD-2026-30874
Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
EUVD-2026-30872
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2010-0432
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2)...
EUVD-2025-124974
Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue...
EUVD-2025-124975
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue...
EUVD-2006-6571
Malware in sbrugna...
EUVD-2012-3461
Malware in sbrugna...
EUVD-2012-1631
Malware in sbrugna...
EUVD-2013-2102
Malware in sbrugna...
EUVD-2013-0215
Malware in sbrugna...
EUVD-2006-6572
Malware in sbrugna...
CVE-2006-6588
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a suite of Java-based web application components and tools. A code issue vulnerability exists in Apache OFBiz versions prior to 18.12.12. An attacker could exploit...
Apache OFBiz Information Disclosure Vulnerability
Apache OFBiz (also known as Apache Open For Business Project) is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based Web application components and tools. An information disclosure vulnerability exists in...
CVE-2013-0177
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2)...
CVE-2013-2137
CVE-2013-2137 describes an XSS vulnerability in the Webtools "View Log" screen of Apache OFBiz. Affected: OFBiz Webtools View Log in versions 10.04.01–10.04.05, 11.04.01–11.04.02, and 12.04.01. Root cause: log HTML content not properly encoded. Impact: remote attackers can inject arbitrary script...
CVE-2012-3506
Technical details for CVE-2012-3506 are not publicly available in the provided documents; no affected products, vectors, or fixes are disclosed. Monitor for updates.
CVE-2006-6588
CVE-2006-6588 affects the Apache OFBiz forum component, where the forum implementation trusts certain hidden form fields (dataResourceTypeId and contentTypeId) to process content. This trust allows remote attackers to create unauthorized content types, modify content, or cause other unknown...
CVE-2006-6587
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message...