CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/19 9:41 a.m.•7 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

5.8AI score0.00085EPSS

ATTACKERKB•added 2026/05/19 9:36 a.m.•3 views

CVE-2026-35086

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00187EPSS

EUVD•added 2026/05/19 9:36 a.m.•7 views

EUVD-2026-30872

6.5CVSS5.8AI score0.00187EPSS

CVE•added 2026/05/19 9:36 a.m.•12 views

CVE-2026-35086

CVE-2026-35086 affects Apache OFBiz prior to 24.09.06, describing an improper control of code generation in the email services (code injection). The vulnerability is tied to Unsafe Template Expansion and is associated with authenticated remote execution in some listings; vendor guidance recommend...

6.5CVSS5.8AI score0.00187EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/19 9:22 a.m.•6 views

EUVD-2026-30860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

6.1CVSS5.8AI score0.00169EPSS

Vulnrichment•added 2026/05/19 9:22 a.m.•4 views

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

5.8AI score0.00169EPSS

ATTACKERKB•added 2026/05/19 9:22 a.m.•3 views

CVE-2026-31379

5.8AI score0.00169EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-41856

5.8AI score0.00187EPSS

8.8CVSS5.9AI score0.00085EPSS

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a code injection vulnerability. This vulnerability stemmed from...

9.1CVSS6.1AI score0.00302EPSS

Eclipse Glassfish 代码注入漏洞

Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a code injection vulnerability. This vulnerability stems from allowing users with panel access rights to send custom requests, thereby enabling them to execute arbitrary operating system commands...

Exploits1References1

6.1CVSS5.7AI score0.00169EPSS

Apache OFBiz 路径遍历漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a path traversal vulnerability. This vulnerability was due to imprope...

6.5CVSS5.9AI score0.00187EPSS

Apache OFBiz 代码注入漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a code injection vulnerability, which originated from a code injection...

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41860

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06 Description Improper Control of Generation of Code Code Injection and Improper Neutralization of Directives in Dynamically Evaluated Code Eval Injection in the 'traverseContent' service allow authenticat...

8.8CVSS5.9AI score0.00085EPSS

Exploits0References5

CNNVD•added 2026/05/19 12:0 a.m.•4 views

ModelScope 代码注入漏洞

ModelScope is an open-source model service and inference training platform developed by ModelScope. Version 1.25.0 of ModelScope contains a code injection vulnerability. This vulnerability stems from allowing attackers to execute arbitrary code by using a specially crafted module listed under the...

7.3CVSS6.2AI score0.00045EPSS

CNNVD•added 2026/05/19 12:0 a.m.•4 views

AutoGPT 代码注入漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.6.34 to 0.6.51 of AutoGPT, there was a code injection vulnerability. This vulnerability stemmed from the use of pickle.loads to deserialize Redis cache data without proper...

7.6CVSS6AI score0.00015EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•4 views

PT-2026-41848

5.8AI score0.00169EPSS

OSV•added 2026/05/18 6:31 p.m.•2 views

GHSA-F4J7-R4Q5-QW2C ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS6.1AI score0.00168EPSS

Exploits2References4

Github Security Blog•added 2026/05/18 6:31 p.m.•15 views

ChromaDB Python project has a pre-authentication code injection vulnerability

10CVSS6.1AI score0.00168EPSS

Exploits2References4Affected Software1

Snyk•added 2026/05/18 5:47 p.m.•7 views

Arbitrary Code Injection

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Arbitrary Code Injection via the calculation parameter in the V1 Views API, which is interpolated directly into a CouchDB reduce function without validation. An attacker can execute arbitrary...

8.5CVSS6.1AI score0.00032EPSS