This page lists published CVEs affecting Apache OFBiz (associated via NVD CPE). Each row includes severity indicators, a summary, and the publication date.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-50223 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue. | [email protected] | 8.8 | 0.66% | 2026-06-10 | 2026-06-12 |
| CVE-2026-47342 | A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue. | [email protected] | 8.8 | 0.34% | 2026-06-10 | 2026-06-12 |
| CVE-2026-46586 | Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 8.8 | 0.55% | 2026-05-19 | 2026-05-20 |
| CVE-2026-45434 | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 9.8 | 1.24% | 2026-05-19 | 2026-05-20 |
| CVE-2026-45187 | Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 6.5 | 0.51% | 2026-05-19 | 2026-05-19 |
| CVE-2026-41919 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 9.1 | 0.45% | 2026-05-19 | 2026-05-19 |
| CVE-2026-35086 | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 6.5 | 0.50% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31986 | Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 9.1 | 0.42% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31910 | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 7.5 | 0.46% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31909 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 7.5 | 0.49% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31906 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 6.1 | 0.44% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31388 | Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 5.3 | 0.42% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31387 | Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 5.3 | 0.52% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31380 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 6.5 | 0.49% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31379 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 6.1 | 0.59% | 2026-05-19 | 2026-05-19 |
| CVE-2026-31378 | Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 6.5 | 0.57% | 2026-05-19 | 2026-05-19 |
| CVE-2026-29226 | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 7.3 | 0.47% | 2026-05-19 | 2026-05-19 |
| CVE-2026-29220 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | [email protected] | 6.5 | 0.68% | 2026-05-19 | 2026-05-19 |
| CVE-2026-29207 | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with dataTemplateTypeId = "FTL" are no longer supported. Additionally, in the updated version, the "Ecommerce Customer" security group no longer includes content management grants. Users are advised to r | [email protected] | 6.5 | 0.54% | 2026-05-19 | 2026-05-19 |
| CVE-2025-61623 | Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue. | [email protected] | 6.5 | 0.68% | 2025-11-12 | 2025-11-13 |