Lucene search
+L

15 matches found

Nuclei
Nuclei
added 2026/06/26 6:13 p.m.231 views

Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

9.8CVSS7.8AI score0.99427EPSS
Exploits10References5
GithubExploit
GithubExploit
added 2025/10/10 2:20 a.m.257 views

Exploit for Incorrect Authorization in Apache Ofbiz

This is a PoC exploit for CVE-2024-38856, a remote code executio...

9.8CVSS8.6AI score0.99427EPSS
Exploits10
GithubExploit
GithubExploit
added 2025/07/11 2:13 a.m.281 views

Exploit for Path Traversal in Apache Ofbiz

📌 Apache OFBiz RCE Exploit CVE-2024-38856 Ce script Python...

9.8CVSS8.5AI score0.99427EPSS
Exploits14
GithubExploit
GithubExploit
added 2025/02/11 3:39 a.m.379 views

Exploit for Incorrect Authorization in Apache Ofbiz

Apache-OFBiz-Exploit Exploit for Apache OFBiz CVE-2024-38856...

9.8CVSS9.8AI score0.99427EPSS
Exploits10
GithubExploit
GithubExploit
added 2024/11/23 3:54 a.m.325 views

Exploit for Incorrect Authorization in Apache Ofbiz

cveCVE-2024-38856-poc CVE-2024-38856 is a serious vulnerabil...

9.8CVSS7.9AI score0.99427EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2024/08/30 12:0 a.m.20 views

Apache OFBiz < 18.12.15 Remote Code Execution (CVE-2024-38856)

The version of Apache OFBiz running on the remote host is potentially affected by a remote code execution vulnerability: - Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes th...

9.8CVSS6.4AI score0.99427EPSS
Exploits10References2
The Hacker News
The Hacker News
added 2024/08/28 6:50 a.m.31 views

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning ERP system to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The...

9.8CVSS8.2AI score0.99427EPSS
Exploits15
CISA
CISA
added 2024/08/27 12:0 p.m.11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38856link is external Apache OFBiz Incorrect Authorization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...

9.8CVSS7.3AI score0.99427EPSS
In wildExploits10References6
GithubExploit
GithubExploit
added 2024/08/22 4:5 a.m.424 views

Exploit for Incorrect Authorization in Apache Ofbiz

CVE-2024-38856-EXP --- bash bash CVE-2024-23692.sh...

9.8CVSS9.8AI score0.99485EPSS
Exploits29
The Hacker News
The Hacker News
added 2024/08/06 4:16 a.m.60 views

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning ERP system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS...

9.8CVSS9.7AI score0.99427EPSS
Exploits27
NVD
NVD
added 2024/08/05 9:15 a.m.51 views

CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

9.8CVSS0.99427EPSS
Exploits10References6
Cvelist
Cvelist
added 2024/08/05 8:20 a.m.70 views

CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

0.99427EPSS
Exploits10References4
Vulnrichment
Vulnrichment
added 2024/08/05 8:20 a.m.30 views

CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

7.5AI score0.99427EPSS
Exploits10References4
ATTACKERKB
ATTACKERKB
added 2024/08/05 12:0 a.m.34 views

CVE-2024-38856

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

9.8CVSS7.3AI score0.99427EPSS
In wildExploits10References5
Circl
Circl
added 2024/06/17 3:39 p.m.5 views

CVE-2024-38856

creationtimestamp| type| source ---|---|--- 2024-06-17 15:39:13+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apacheofbizforgotpassworddirectorytraversal.rb 2024-08-05 11:10:43+00:00| published-proof-of-concept| https://t.me/HackingInsights/86...

9.8CVSS7.1AI score0.99427EPSS
Exploits10References61
Rows per page
Query Builder