CVE-2026-47342
- EPSS 0.41%
- Veröffentlicht 10.06.2026 22:29:06
- Zuletzt bearbeitet 12.06.2026 19:31:41
A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the is...
CVE-2026-50223
- EPSS 0.66%
- Veröffentlicht 10.06.2026 22:23:49
- Zuletzt bearbeitet 12.06.2026 19:30:46
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execu...
CVE-2026-46586
- EPSS 0.55%
- Veröffentlicht 19.05.2026 09:41:39
- Zuletzt bearbeitet 20.05.2026 17:16:25
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended...
CVE-2026-45434
- EPSS 22.88%
- Veröffentlicht 19.05.2026 09:40:26
- Zuletzt bearbeitet 20.05.2026 17:16:24
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-45187
- EPSS 0.51%
- Veröffentlicht 19.05.2026 09:39:27
- Zuletzt bearbeitet 19.05.2026 19:16:50
Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-41919
- EPSS 0.45%
- Veröffentlicht 19.05.2026 09:36:55
- Zuletzt bearbeitet 19.05.2026 19:16:50
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-35086
- EPSS 0.5%
- Veröffentlicht 19.05.2026 09:36:00
- Zuletzt bearbeitet 19.05.2026 19:16:49
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31986
- EPSS 0.42%
- Veröffentlicht 19.05.2026 09:34:38
- Zuletzt bearbeitet 19.05.2026 19:16:48
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31910
- EPSS 0.46%
- Veröffentlicht 19.05.2026 09:33:38
- Zuletzt bearbeitet 19.05.2026 19:16:48
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31909
- EPSS 0.49%
- Veröffentlicht 19.05.2026 09:32:47
- Zuletzt bearbeitet 19.05.2026 19:16:48
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.