Lucene search
K

691 matches found

CVE
CVE
added 2026/05/19 9:39 a.m.33 views

CVE-2026-45187

CVE-2026-45187 describes an improper authorization flaw in the Apache OFBiz Webtools component. The issue affects OFBiz versions before 24.09.06 and is documented as a vulnerability in the scheduled job creation flow that allows low-privileged users to submit system jobs. The CVSS 3.1 base score ...

6.5CVSS5.8AI score0.00513EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:39 a.m.7 views

CVE-2026-45187

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00513EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:39 a.m.12 views

CVE-2026-45187 Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00513EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:36 a.m.10 views

CVE-2026-41919

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00454EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:36 a.m.45 views

CVE-2026-41919 Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:36 a.m.20 views

CVE-2026-41919 Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00454EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:36 a.m.7 views

CVE-2026-35086

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00497EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:36 a.m.47 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00497EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:36 a.m.23 views

CVE-2026-35086

CVE-2026-35086 affects Apache OFBiz prior to 24.09.06, describing an improper control of code generation in the email services (code injection). The vulnerability is tied to Unsafe Template Expansion and is associated with authenticated remote execution in some listings; vendor guidance recommend...

6.5CVSS5.8AI score0.00497EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:36 a.m.16 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00497EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:34 a.m.7 views

CVE-2026-31986

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00421EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:34 a.m.11 views

CVE-2026-31986 Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00421EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:34 a.m.12 views

EUVD-2026-30873

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.8AI score0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:34 a.m.46 views

CVE-2026-31986 Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00421EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:34 a.m.31 views

CVE-2026-31986

CVE-2026-31986 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is described as a use of a hard-coded cryptographic key, enabling unauthenticated access/impact via default JWT signing key and widget/template injection per CVE listings. The root cause is tied to a hard-coded k...

9.1CVSS5.8AI score0.00421EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/19 9:33 a.m.43 views

CVE-2026-31910 Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:33 a.m.13 views

EUVD-2026-30870

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

7.5CVSS5.8AI score0.0046EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:33 a.m.13 views

CVE-2026-31910 Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.0046EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:33 a.m.8 views

CVE-2026-31910

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.0046EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 9:33 a.m.21 views

CVE-2026-31910

CVE-2026-31910 (Apache OFBiz) is an SSRF vulnerability tied to improper input validation in UI Factory Classes. Affected software is Apache OFBiz prior to 24.09.06. The issue enables Server-Side Request Forgery and is addressed by upgrading to version 24.09.06, which contains the fix. No exploita...

7.5CVSS5.8AI score0.0046EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder