| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-46586 | Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:41:40 | Deep Dive |
| CVE-2026-45434 | Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:40:27 | Deep Dive |
| CVE-2026-45187 | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:39:27 | Deep Dive |
| CVE-2026-41919 | Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:36:56 | Deep Dive |
| CVE-2026-35086 | Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:36:00 | Deep Dive |
| CVE-2026-31986 | Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:34:38 | Deep Dive |
| CVE-2026-31910 | Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:33:39 | Deep Dive |
| CVE-2026-31909 | Apache OFBiz: Unauthenticated Shipment Label Image Disclosure | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:32:47 | Deep Dive |
| CVE-2026-31906 | Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:30:20 | Deep Dive |
| CVE-2026-31388 | Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:28:29 | Deep Dive |
| CVE-2026-31387 | Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:27:06 | Deep Dive |
| CVE-2026-31380 | Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:24:39 | Deep Dive |
| CVE-2026-31379 | Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:22:49 | Deep Dive |
| CVE-2026-31378 | Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:21:19 | Deep Dive |
| CVE-2026-29226 | Apache OFBiz: Low-Privilege SSRF in Content Component | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:19:31 | Deep Dive |
| CVE-2026-29207 | Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:18:19 | Deep Dive |
| CVE-2026-29220 | Apache OFBiz: Low-Privilege LFI in Content Component | Apache Software Foundation | Apache OFBiz | - | - | 2026-05-19 09:17:00 | Deep Dive |
| CVE-2026-44719 | Mathesar: Missing collaborator checks allowed access to database-scoped Mathesar metadata | mathesar-foundation | mathesar | - | - | 2026-05-15 18:24:55 | Deep Dive |
| CVE-2026-44718 | Mathesar: Missing collaborator checks allowed access to saved explorations in other databases | mathesar-foundation | mathesar | - | - | 2026-05-15 18:23:11 | Deep Dive |
| CVE-2026-35194 | Apache Flink: Remote code execution via SQL injection in code generation | Apache Software Foundation | Apache Flink | - | - | 2026-05-15 15:27:27 | Deep Dive |