CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/19 12:0 a.m.•7 views

Apache OFBiz 信息泄露漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a vulnerability related to information leakage, which resulted in...

7.5CVSS5.8AI score0.00082EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41860

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06 Description Improper Control of Generation of Code Code Injection and Improper Neutralization of Directives in Dynamically Evaluated Code Eval Injection in the 'traverseContent' service allow authenticat...

8.8CVSS5.9AI score0.00085EPSS

Exploits0References5

6.1CVSS5.6AI score0.00183EPSS

Apache OFBiz 跨站脚本漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a cross-site scripting vulnerability; this vulnerability was due to imprope...

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41854

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00101EPSS

6.5CVSS5.8AI score0.00244EPSS

Apache OFBiz 授权问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had vulnerabilities related to authorization issues, which stemmed from imprope...

CNNVD•added 2026/05/19 12:0 a.m.•6 views

Apache OFBiz 安全漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained security vulnerabilities, which were caused by the use of hard-coded...

9.1CVSS5.8AI score0.00095EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•4 views

PT-2026-41846

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00108EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•5 views

PT-2026-41855

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06 Description Apache OFBiz contains a hard-coded cryptographic key. This flaw may allow remote attackers to gain unauthorized access, expose sensitive data, or tamper with application data. Recommendations...

9.1CVSS5.8AI score0.00095EPSS

Exploits0References7

5.3CVSS5.8AI score0.0003EPSS

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.28.0, there were security...

9.8CVSS6.2AI score0.00096EPSS

Apache OFBiz 授权问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a security vulnerability related to authorization logic. This...

Positive Technologies•added 2026/05/19 12:0 a.m.•5 views

PT-2026-41848

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

5.8AI score0.00169EPSS

CNNVD•added 2026/05/19 12:0 a.m.•4 views

Apache OFBiz 代码问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, which were caused by server-side request forgei...

7.5CVSS5.9AI score0.00101EPSS

Tenable Nessus•added 2026/05/19 12:0 a.m.•6 views

RHEL 10 : tomcat (RHSA-2026:19054)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19054 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate...

7.5CVSS7.3AI score0.00091EPSS

Exploits0References4

OSV•added 2026/05/18 6:40 p.m.•4 views

CLSA-2026-1779129626 httpd: Fix of CVE-2026-28780

CVE-2026-28780: modproxyajp: heap-based buffer overflow in ajpmsgcheckheader — message size check did not subtract AJPHEADERLEN, letting a crafted AJP reply write 4 bytes past the end of the heap buffer...

9.8CVSS6AI score0.00026EPSS

OSV•added 2026/05/18 5:38 p.m.•7 views

CLSA-2026-1779125894 php: Fix of 7 CVEs

CVE-2026-7258: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7259: fix null pointer dereference in phpmbcheckencoding via mberegsearchinit GHSA-wm6j-2649-pv75 -...

9.8CVSS5.9AI score0.00369EPSS