| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-61623 | Apache OFBiz: Reflected Cross-site Scripting | Apache Software Foundation | Apache OFBiz | High | - | 2025-11-12 09:16:58 | Deep Dive |
| CVE-2025-59118 | Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload | Apache Software Foundation | Apache OFBiz | High | - | 2025-11-12 09:15:54 | Deep Dive |
| CVE-2025-54466 | Apache OFBiz: RCE Vulnerability in scrum plugin | Apache Software Foundation | Apache OFBiz | - | - | 2025-08-15 14:13:53 | Deep Dive |
| CVE-2025-30676 | Apache OFBiz: Stored XSS Vulnerability | Apache Software Foundation | Apache OFBiz | Medium | - | 2025-04-01 14:43:50 | Deep Dive |
| CVE-2025-26865 | Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE | Apache Software Foundation | Apache OFBiz | Low | - | 2025-03-10 14:01:07 | Deep Dive |
| CVE-2024-47208 | Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-11-18 08:43:18 | Deep Dive |
| CVE-2024-48962 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | Apache Software Foundation | Apache OFBiz | - | - | 2024-11-18 08:41:31 | Deep Dive |
| CVE-2024-45195 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | Apache Software Foundation | Apache OFBiz | - | - | 2024-09-04 08:08:59 | Deep Dive |
| CVE-2024-45507 | Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-09-04 08:08:34 | Deep Dive |
| CVE-2024-38856 | Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code | Apache Software Foundation | Apache OFBiz | - | - | 2024-08-05 08:20:18 | Deep Dive |
| CVE-2024-36104 | Apache OFBiz: Path traversal leading to a RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-06-04 07:25:08 | Deep Dive |
| CVE-2024-32113 | Apache OFBiz: Path traversal leading to RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-05-08 14:50:07 | Deep Dive |
| CVE-2024-23946 | Apache OFBiz: Path traversal or file inclusion | Apache Software Foundation | Apache OFBiz | Medium | - | 2024-02-28 15:44:42 | Deep Dive |
| CVE-2024-25065 | Apache OFBiz: Path traversal allowing authentication bypass. | Apache Software Foundation | Apache OFBiz | High | - | 2024-02-28 15:42:50 | Deep Dive |
| CVE-2023-51467 | Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability | Apache Software Foundation | Apache OFBiz | - | - | 2023-12-26 14:47:00 | Deep Dive |
| CVE-2023-50968 | Apache OFBiz: Arbitrary file properties reading and SSRF attack | Apache Software Foundation | Apache OFBiz | - | - | 2023-12-26 11:45:55 | Deep Dive |
| CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | Apache Software Foundation | Apache OFBiz | Critical | - | 2023-12-05 08:05:07 | Deep Dive |
| CVE-2023-46819 | Apache OFBiz: Execution of Solr plugin queries without authentication | Apache Software Foundation | Apache OFBiz | Medium | - | 2023-11-07 11:02:03 | Deep Dive |
| CVE-2022-47501 | Apache OFBiz: Arbitrary file reading vulnerability | Apache Software Foundation | Apache OFBiz | High | - | 2023-04-14 15:01:32 | Deep Dive |
| CVE-2022-29158 | Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz | Apache Software Foundation | Apache OFBiz | High | - | 2022-09-02 07:10:20 | Deep Dive |