📦

ofbiz

Vendor: apache

Actively Exploited 3 CISA KEV List

PoC / Exploits 19 Code Available

Total RCEs 21 Remote Access

Total CVEs 383 Total Indexed

Avg. EPSS 22.86% Exploit Prob.

Latest CVE CVE-2026-46586 May 19

Security Vulnerability Index

Page 1 / 39

8.8 CVSS

CVE-2026-46586

RCE Exploit Found

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.09%

Severity: HIGH

May 19, 2026

9.8 CVSS

CVE-2026-45434

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.10%

Severity: CRITICAL

May 19, 2026

6.5 CVSS

CVE-2026-45187

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.24%

Severity: MEDIUM

May 19, 2026

9.1 CVSS

CVE-2026-41919

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.10%

Severity: CRITICAL

May 19, 2026

6.5 CVSS

CVE-2026-35086

Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.19%

Severity: MEDIUM

May 19, 2026

9.1 CVSS

CVE-2026-31986

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.10%

Severity: CRITICAL

May 19, 2026

7.5 CVSS

CVE-2026-31910

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.10%

Severity: HIGH

May 19, 2026

7.5 CVSS

CVE-2026-31909

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.08%

Severity: HIGH

May 19, 2026

6.1 CVSS

CVE-2026-31906

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.18%

Severity: MEDIUM

May 19, 2026

5.3 CVSS

CVE-2026-31388

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

EPSS: 0.17%

Severity: MEDIUM

May 19, 2026

Displaying 10 of 383 Total Entries

1 2 3 4 5 ... 39

Total 39 Sections