Where
-Infinity
0

Trending

Last week
Last month
Last year

Apache OFBizApache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Risk 83
Severity
8.8
First published (updated )
CVE-2026-46586

Apache OFBizApache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE

Risk 90
Severity
9.8
First published (updated )
CVE-2026-45434

Apache OFBizApache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs

Risk 42
Severity
6.5
First published (updated )
CVE-2026-45187

Apache Apache OFBizApache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Risk 70
Severity
9.1
First published (updated )
CVE-2026-41919

Apache Apache OFBizApache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Risk 42
Severity
6.5
First published (updated )
CVE-2026-35086
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Apache OFBizApache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Risk 70
Severity
9.1
First published (updated )
CVE-2026-31986

Apache OFBizApache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access

Risk 46
Severity
7.5
First published (updated )
CVE-2026-31910

Apache Apache OFBizApache OFBiz: Unauthenticated Shipment Label Image Disclosure

Risk 46
Severity
7.5
First published (updated )
CVE-2026-31909

Apache OFBizApache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters

Risk 40
Severity
6.1
First published (updated )
CVE-2026-31906

Apache OFBizApache OFBiz: Cross-Tenant Data Exposure via Program Export Feature

Risk 28
Severity
5.3
First published (updated )
CVE-2026-31388
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Apache OFBizApache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation

Risk 28
Severity
5.3
First published (updated )
CVE-2026-31387

Apache Apache OFBizApache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass

Risk 42
Severity
6.5
First published (updated )
CVE-2026-31380

Apache OFBizApache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Risk 40
Severity
6.1
First published (updated )
CVE-2026-31379

Apache Apache OFBizApache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Risk 42
Severity
6.5
First published (updated )
CVE-2026-31378

Apache OFBizApache OFBiz: Low-Privilege SSRF in Content Component

Risk 51
Severity
7.3
First published (updated )
CVE-2026-29226
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache OFBizApache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component

Risk 40
Severity
6.5
First published (updated )
CVE-2026-29207

Apache OFBizApache OFBiz: Low-Privilege LFI in Content Component

Risk 40
Severity
6.5
First published (updated )
CVE-2026-29220

oss-secCVE-2026-41919: Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

First published (updated )
https://seclists.org/oss-sec/2026/q2/599

oss-secCVE-2026-35086: Apache OFBiz: Authenticated mote Code Execution via Unsafe Template Expansion in email services

First published (updated )
https://seclists.org/oss-sec/2026/q2/598

oss-secCVE-2026-31388: Apache OFBiz: Cross-Tenant Data Exposuvia Program Export Featu

First published (updated )
https://seclists.org/oss-sec/2026/q2/593
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache OFBizApache OFBiz: RCE Vulnerability in scrum plugin

Risk 90
Severity
9.8
First published (updated )
CVE-2025-54466

Apache OFBizApache OFBiz: Stored XSS Vulnerability

Risk 28
Severity
6.1
EPSS
0.03%
First published (updated )
CVE-2025-30676

CVE-2025-30676: Apache OFBiz: Stod XSS Vulnerability

First published (updated )
https://seclists.org/oss-sec/2025/q2/2

Apache OFBizApache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE

Risk 19
Severity
3.5
EPSS
0.07%
First published (updated )
CVE-2025-26865

BleepingComputerCISA orders agencies to patch Linux kernel bug exploited in attacks

Exploited
Zeroday
First published (updated )
News
BleepingComputer
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

BleepingComputerCISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

Exploited
First published (updated )
News
BleepingComputer

Apache OFBizApache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE

Risk 90
Severity
9.8
First published (updated )
CVE-2024-47208

Apache OFBizApache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)

Risk 56
Severity
8.9
EPSS
0.06%
First published (updated )
CVE-2024-48962

CVE-2024-47208: Apache OFBiz: URLs allowing mote use of Groovy expssions, leading to RCE

First published (updated )
https://seclists.org/oss-sec/2024/q4/96

CVE-2024-48962: Apache OFBiz: Bypass SameSite strictions with target diction using URL parameters (SSTI and CSRF leading to RCE)

First published (updated )
https://seclists.org/oss-sec/2024/q4/95
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203