|
4491
|
5.3 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixe…
|
CWE-284
Improper Access Control
|
CVE-2026-31388
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4492
|
6.1 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrad…
|
CWE-79
Cross-site Scripting
|
CVE-2026-31906
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4493
|
7.5 |
HIGH
Network
|
apache
|
ofbiz
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, whi…
|
CWE-200
Information Exposure
|
CVE-2026-31909
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4494
|
7.5 |
HIGH
Network
|
apache
|
ofbiz
|
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31910
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4495
|
9.1 |
CRITICAL
Network
|
apache
|
ofbiz
|
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-31986
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4496
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to vers…
|
CWE-94
Code Injection
|
CVE-2026-35086
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4497
|
9.1 |
CRITICAL
Network
|
apache
|
ofbiz
|
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrad…
|
CWE-90
LDAP Injection
|
CVE-2026-41919
|
2026-05-20 01:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4498
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Authorization vulnerability in Apache OFBiz Webtools.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-285
Improper Authorization
|
CVE-2026-45187
|
2026-05-20 01:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4499
|
9.1 |
CRITICAL
Network
|
freedesktop
|
gst-plugins-good
|
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before per…
|
CWE-369
Divide By Zero
|
CVE-2026-46470
|
2026-05-20 01:34 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4500
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via…
|
CWE-862
Missing Authorization
|
CVE-2026-8547
|
2026-05-20 01:33 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
