Where
-Infinity
0

Trending

Last week
Last month
Last year

Apache Apache OFBizApache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Risk 70
Severity
9.1
First published (updated )
CVE-2026-41919

Apache Apache OFBizApache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Risk 42
Severity
6.5
First published (updated )
CVE-2026-35086

Apache Apache OFBizApache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Risk 70
Severity
9.1
First published (updated )
CVE-2026-31986

Apache Apache OFBizApache OFBiz: Unauthenticated Shipment Label Image Disclosure

Risk 46
Severity
7.5
First published (updated )
CVE-2026-31909

Apache Apache OFBizApache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation

Risk 28
Severity
5.3
First published (updated )
CVE-2026-31387
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Apache OFBizApache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass

Risk 42
Severity
6.5
First published (updated )
CVE-2026-31380

Apache Apache OFBizApache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Risk 42
Severity
6.5
First published (updated )
CVE-2026-31378

oss-secCVE-2026-46586: Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

First published (updated )
https://seclists.org/oss-sec/2026/q2/602

oss-secCVE-2026-45434: Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE

First published (updated )
https://seclists.org/oss-sec/2026/q2/601

oss-secCVE-2026-45187: Apache OFBiz: Improper Authorization in Scheduled Job Cation Allows Low-Privileged Users to Submit System Jobs

First published (updated )
https://seclists.org/oss-sec/2026/q2/600
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-secCVE-2026-31986: Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

First published (updated )
https://seclists.org/oss-sec/2026/q2/597

oss-secCVE-2026-31910: Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access

First published (updated )
https://seclists.org/oss-sec/2026/q2/596

oss-secCVE-2026-31909: Apache OFBiz: Unauthenticated Shipment Label Image Disclosu

First published (updated )
https://seclists.org/oss-sec/2026/q2/595

oss-secCVE-2026-31906: Apache OFBiz: flected XSS via Improper HTML Attribute Escaping in Layed-Modal Dialog Parameters

First published (updated )
https://seclists.org/oss-sec/2026/q2/594

oss-secCVE-2026-31387: Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation

First published (updated )
https://seclists.org/oss-sec/2026/q2/592
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-secCVE-2026-31380: Apache OFBiz: FeMarker SSTI via Duplicate Parameter Sanitization Bypass

First published (updated )
https://seclists.org/oss-sec/2026/q2/591

oss-secCVE-2026-31379: Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stod XSS and RCE in Catalog Manager

First published (updated )
https://seclists.org/oss-sec/2026/q2/590

oss-secCVE-2026-31378: Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to mote Code Execution

First published (updated )
https://seclists.org/oss-sec/2026/q2/589

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203