|
2821
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-29207
|
2026-05-20 01:37 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2822
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to v…
|
CWE-22
Path Traversal
|
CVE-2026-29220
|
2026-05-20 01:37 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2823
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-31380
|
2026-05-20 01:37 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2824
|
5.3 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Authentication vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-287
Improper Authentication
|
CVE-2026-31387
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2825
|
5.3 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixe…
|
CWE-284
Improper Access Control
|
CVE-2026-31388
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2826
|
6.1 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrad…
|
CWE-79
Cross-site Scripting
|
CVE-2026-31906
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2827
|
7.5 |
HIGH
Network
|
apache
|
ofbiz
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, whi…
|
CWE-200
Information Exposure
|
CVE-2026-31909
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2828
|
7.5 |
HIGH
Network
|
apache
|
ofbiz
|
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31910
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2829
|
9.1 |
CRITICAL
Network
|
apache
|
ofbiz
|
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-31986
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2830
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to vers…
|
CWE-94
Code Injection
|
CVE-2026-35086
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
