Lucene search
+L

709 matches found

OSV
OSV
added 2026/05/19 9:22 a.m.4 views

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

6.1CVSS5.9AI score0.00588EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 9:21 a.m.8 views

CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00574EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:21 a.m.8 views

CVE-2026-31378

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00574EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 9:21 a.m.22 views

CVE-2026-31378

The CVE relates to an Improper Input Validation vulnerability in Apache OFBiz . Affected software is Apache OFBiz versions before 24.09.06 . The issue’s root cause is input validation weaknesses, allowing potential impact as described in the linked records. The recommended remediation is to upgra...

6.5CVSS5.8AI score0.00574EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/19 9:21 a.m.45 views

CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00574EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:21 a.m.11 views

EUVD-2026-30856

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.8AI score0.00574EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:21 a.m.3 views

CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.9AI score0.00574EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 9:19 a.m.15 views

EUVD-2026-30858

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.3CVSS5.8AI score0.00473EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:19 a.m.18 views

CVE-2026-29226

CVE-2026-29226 describes a Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz triggered via Content component operations. Affected versions are before 24.09.06. The recommended remediation is to upgrade to version 24.09.06, which fixes the issue. The available connected sources conf...

7.3CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:19 a.m.10 views

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00473EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:19 a.m.7 views

CVE-2026-29226

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00473EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:19 a.m.49 views

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00473EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:19 a.m.3 views

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.3CVSS5.9AI score0.00473EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:18 a.m.11 views

CVE-2026-29207

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

5.7AI score0.00541EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:18 a.m.8 views

CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

5.7AI score0.00541EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:18 a.m.50 views

CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

0.00541EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:18 a.m.11 views

EUVD-2026-30855

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

6.5CVSS5.7AI score0.00541EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:18 a.m.29 views

CVE-2026-29207

CVE-2026-29207 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06) and can enable an improper neutralization of template engine elements, with Low-Privilege server-side SSTI that can lead to RCE in the Content component. The recommended remediation is to upgrade to OFBiz 24.09.06 or later....

6.5CVSS5.7AI score0.00541EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/19 9:16 a.m.50 views

CVE-2026-29220 Apache OFBiz: Low-Privilege LFI in Content Component

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00684EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:16 a.m.6 views

CVE-2026-29220

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00684EPSS
Exploits0References2
Rows per page
Query Builder