📦 OFBiz
by Apache
⚠️ Known Vulnerabilities
This CVE describes a critical code injection vulnerability in Apache OFBiz's scrum plugin, allowing unauthenticated attackers to execute arbitrary code remotely, leading to full system compromise. It ...
This CVE describes a Server-Side Request Forgery (SSRF) and code injection vulnerability in Apache OFBiz. Attackers can exploit it to make the server send unauthorized requests to internal systems and...
This CVE describes a critical Server-Side Request Forgery (SSRF) and code injection vulnerability in Apache OFBiz. Attackers can exploit this to make the server send unauthorized requests to internal ...
This path traversal vulnerability in Apache OFBiz allows attackers to access files outside the intended directory. It affects all Apache OFBiz installations before version 18.12.14. Attackers could po...
This path traversal vulnerability in Apache OFBiz allows attackers to access files outside the intended directory by manipulating file paths. It affects all Apache OFBiz versions before 18.12.13, pote...
CVE-2024-25065 is a path traversal vulnerability in Apache OFBiz that allows attackers to bypass authentication mechanisms by manipulating file paths. This affects all Apache OFBiz installations runni...
CVE-2023-51467 is an authentication bypass vulnerability in Apache OFBiz that allows attackers to circumvent authentication mechanisms and remotely execute arbitrary code. This affects Apache OFBiz in...
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Apache OFBiz servers by exploiting a deprecated XML-RPC component. It affects all Apache OFBiz versions before 1...
This vulnerability allows attackers to upload malicious files to Apache OFBiz servers, which can lead to remote code execution. It affects Apache OFBiz versions 17.12.07 and earlier. Attackers can exp...
CVE-2021-29200 is an unsafe deserialization vulnerability in Apache OFBiz that allows unauthenticated remote code execution. Attackers can exploit this to execute arbitrary code on affected systems. A...
Apache OFBiz versions before 17.12.07 contain an unsafe deserialization vulnerability that allows remote attackers to execute arbitrary code on affected systems. This affects all deployments running v...
Apache OFBiz versions before 17.12.06 contain an unsafe deserialization vulnerability in the SOAP component. Unauthenticated attackers can exploit this to execute arbitrary code and take complete cont...
This vulnerability allows attackers to upload malicious files to Apache OFBiz servers, potentially leading to remote code execution or server compromise. It affects all Apache OFBiz installations befo...
This CVE describes a Direct Request (Forced Browsing) vulnerability in Apache OFBiz that allows attackers to access restricted resources by directly requesting URLs without proper authorization. It af...
This vulnerability in Apache OFBiz allows unauthenticated attackers to read arbitrary file properties via unauthorized URI calls, potentially exposing sensitive system information. The same URI can be...
This CVE describes a reflected cross-site scripting (XSS) vulnerability in Apache OFBiz that allows attackers to inject malicious scripts into web pages. The vulnerability affects users of Apache OFBi...