Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Ofbiz  >> 9.04  Security Vulnerabilities
CVE-2026-31910
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-19
CVE-2026-31986
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-05-19
CVE-2026-35086
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-19
CVE-2026-41919
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-05-19
CVE-2026-45187
Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-19
CVE-2026-45434
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-05-19
CVE-2026-46586
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-05-19
CVE-2026-31378
Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-05-19
CVE-2026-31379
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
6.1
EPSS Score
0.002
Published
2026-05-19
CVE-2026-31380
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved