
Apache OFBiz — Vulnerabilities & Security Advisories (38)

All 38 CVE vulnerabilities found in Apache OFBiz, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

Columns: CVE ID, title, CWE, CVSS base score, severity, publication date. A severity marked "(AI)" is the site's AI-generated rating; "-" means the listing gives none. Entries without a CWE are marked "-".

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-61623 | Apache OFBiz: Reflected Cross-site Scripting | CWE-79 | 6.1 | - | 2025-11-12 |
| CVE-2025-59118 | Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload | CWE-434 | 9.8 | - | 2025-11-12 |
| CVE-2025-54466 | Apache OFBiz: RCE Vulnerability in scrum plugin | CWE-94 | 9.8 | Critical (AI) | 2025-08-15 |
| CVE-2025-30676 | Apache OFBiz: Stored XSS Vulnerability | CWE-80 | 6.1 | - | 2025-04-01 |
| CVE-2025-26865 | Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE | CWE-1336 | 9.8 | - | 2025-03-10 |
| CVE-2024-47208 | Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE | CWE-918 | 9.8 | Critical (AI) | 2024-11-18 |
| CVE-2024-48962 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | CWE-94 | 8.8 | High (AI) | 2024-11-18 |
| CVE-2024-45195 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | CWE-425 | 9.1 | Critical (AI) | 2024-09-04 |
| CVE-2024-45507 | Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE | CWE-918 | 9.8 | Critical (AI) | 2024-09-04 |
| CVE-2024-38856 | Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code | CWE-863 | 5.6 | Medium (AI) | 2024-08-05 |
| CVE-2024-36104 | Apache OFBiz: Path traversal leading to a RCE | CWE-22 | 7.5 | High (AI) | 2024-06-04 |
| CVE-2024-32113 | Apache OFBiz: Path traversal leading to RCE | CWE-22 | 7.5 | High (AI) | 2024-05-08 |
| CVE-2024-23946 | Apache OFBiz: Path traversal or file inclusion | CWE-22 | 9.1 | - | 2024-02-28 |
| CVE-2024-25065 | Apache OFBiz: Path traversal allowing authentication bypass | CWE-22 | 9.1 | - | 2024-02-28 |
| CVE-2023-51467 | Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability | - | 9.8 | Critical (AI) | 2023-12-26 |
| CVE-2023-50968 | Apache OFBiz: Arbitrary file properties reading and SSRF attack | CWE-200 | 6.5 | Medium (AI) | 2023-12-26 |
| CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | CWE-94 | 9.8 | - | 2023-12-05 |
| CVE-2023-46819 | Apache OFBiz: Execution of Solr plugin queries without authentication | CWE-306 | 9.8 | - | 2023-11-07 |
| CVE-2022-47501 | Apache OFBiz: Arbitrary file reading vulnerability | CWE-22 | 7.5 | - | 2023-04-14 |
| CVE-2022-29158 | Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz | CWE-1333 | 7.5 | - | 2022-09-02 |
| CVE-2022-29063 | Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz | CWE-502 | 9.8 | - | 2022-09-02 |
| CVE-2022-25813 | Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz | CWE-1336 | 7.5 | - | 2022-09-02 |
| CVE-2022-25371 | Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz | CWE-22 | 9.8 | - | 2022-09-02 |
| CVE-2022-25370 | Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz | CWE-79 | 5.4 | - | 2022-09-02 |
| CVE-2021-37608 | Arbitrary file upload vulnerability in OFBiz | CWE-434 | 9.8 | - | 2021-08-18 |
| CVE-2021-30128 | Unsafe deserialization in Apache OFBiz | - | 9.8 | - | 2021-04-27 |
| CVE-2021-29200 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | - | 9.8 | - | 2021-04-27 |
| CVE-2021-26295 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | - | 9.8 | - | 2021-03-22 |
| CVE-2020-9496 | Apache OFBiz code issue vulnerability | - | 8.8 | - | 2020-07-15 |
| CVE-2020-13923 | Apache OFBiz input validation error vulnerability | - | 5.3 | - | 2020-07-15 |
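A triage script needs this listing in machine-readable form. The following is an added Python example, not code from the page or from the Apache OFBiz project: it parses rows in the exact run-together form the listing uses (CVE id, title, optional CWE, CVSS score, then either a "-" or an "AI<Severity>AI" badge, then the publication date), derives a severity band from the score where the listing gives none (assumed to follow the CVSS v3.x qualitative bands), counts entries per CWE, and ranks the CVEs at or above a score threshold. The sample rows are copied from the table above; the function names and the `severity_source` field are my own.

```python
import re
from collections import Counter

# Rows copied from the listing above, in the flattened form the page uses:
# CVE id, title, optional CWE, CVSS score, then either " -" (no severity given)
# or an "AI<Severity>AI" badge, then the publication date, all run together.
RAW_ROWS = """\
CVE-2025-61623 Apache OFBiz: Reflected Cross-site Scripting CWE-79 6.1 -2025-11-12
CVE-2025-59118 Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload CWE-434 9.8 -2025-11-12
CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin CWE-94 9.8AICriticalAI2025-08-15
CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code CWE-863 5.6AIMediumAI2024-08-05
CVE-2024-36104 Apache OFBiz: Path traversal leading to a RCE CWE-22 7.5AIHighAI2024-06-04
CVE-2024-23946 Apache OFBiz: Path traversal or file inclusion CWE-22 9.1 -2024-02-28
CVE-2023-51467 Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability 9.8AICriticalAI2023-12-26
CVE-2021-30128 Unsafe deserialization in Apache OFBiz 9.8 -2021-04-27
"""

ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"                        # CVE identifier
    r"(?P<title>.+?)\s*"                                    # title (non-greedy)
    r"(?:(?P<cwe>CWE-\d+)\s+)?"                             # optional CWE
    r"(?P<cvss>\d{1,2}\.\d)"                                # CVSS base score
    r"(?:\s*-|AI(?P<severity>Critical|High|Medium|Low)AI)"  # "-" or AI badge
    r"(?P<date>\d{4}-\d{2}-\d{2})$"                         # publication date
)


def severity_from_score(score):
    """CVSS v3.x qualitative bands; assumption: the listing's '-' rows are v3 scores."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def parse_rows(text):
    """Parse every non-empty line into a dict. A line that does not fit the format
    raises instead of being skipped, so a CVE never silently drops out of triage."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError("unparseable row: %r" % line)
        score = float(m.group("cvss"))
        entries.append({
            "cve": m.group("cve"),
            "title": m.group("title"),
            "cwe": m.group("cwe"),  # None when the listing gives no CWE
            "cvss": score,
            "severity": m.group("severity") or severity_from_score(score),
            # Record whether the band came from the site's AI badge or was derived here.
            "severity_source": "site-AI" if m.group("severity") else "derived",
            "published": m.group("date"),
        })
    return entries


def by_cwe(entries):
    """Count entries per weakness class; rows without a CWE are 'unclassified'."""
    return Counter(e["cwe"] or "unclassified" for e in entries)


def at_or_above(entries, threshold):
    """CVE ids with CVSS >= threshold, highest score first, newest first on ties."""
    hits = [e for e in entries if e["cvss"] >= threshold]
    hits.sort(key=lambda e: e["published"], reverse=True)  # stable: tie-break
    hits.sort(key=lambda e: e["cvss"], reverse=True)       # primary key
    return [e["cve"] for e in hits]


if __name__ == "__main__":
    parsed = parse_rows(RAW_ROWS)
    print("per CWE:", dict(by_cwe(parsed)))
    print("CVSS >= 9.0:", at_or_above(parsed, 9.0))
```

The regex is anchored at both ends and fails loudly on anything it cannot classify; for a vulnerability feed that is the safer default, since a parser that quietly drops a row hides exactly the entry you most need to see.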

All 38 known CVE vulnerabilities affecting Apache OFBiz with full Chinese analysis, references, and POCs where available.