CVE-2026-31906
- EPSS 0.44%
- Veröffentlicht 19.05.2026 09:30:19
- Zuletzt bearbeitet 19.05.2026 19:16:48
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31388
- EPSS 0.42%
- Veröffentlicht 19.05.2026 09:28:29
- Zuletzt bearbeitet 19.05.2026 19:16:47
Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31387
- EPSS 0.52%
- Veröffentlicht 19.05.2026 09:27:05
- Zuletzt bearbeitet 19.05.2026 19:16:47
Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31380
- EPSS 0.49%
- Veröffentlicht 19.05.2026 09:24:39
- Zuletzt bearbeitet 19.05.2026 19:16:47
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.0...
CVE-2026-31379
- EPSS 0.59%
- Veröffentlicht 19.05.2026 09:22:49
- Zuletzt bearbeitet 19.05.2026 19:16:47
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OF...
CVE-2026-31378
- EPSS 0.57%
- Veröffentlicht 19.05.2026 09:21:18
- Zuletzt bearbeitet 19.05.2026 19:16:47
Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-29226
- EPSS 0.47%
- Veröffentlicht 19.05.2026 09:19:30
- Zuletzt bearbeitet 19.05.2026 19:16:46
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-29207
- EPSS 0.54%
- Veröffentlicht 19.05.2026 09:18:18
- Zuletzt bearbeitet 19.05.2026 19:16:46
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in...
CVE-2026-29220
- EPSS 0.68%
- Veröffentlicht 19.05.2026 09:16:59
- Zuletzt bearbeitet 19.05.2026 19:16:46
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2025-61623
- EPSS 0.76%
- Veröffentlicht 12.11.2025 09:16:58
- Zuletzt bearbeitet 13.11.2025 15:04:42
Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.