| Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2025-61623 | | Medium | Nov 12, 2025 | Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to v... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2025-59118 | | High | Nov 12, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommende... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2025-54466 | BDSA-2025-8790 | Critical | Aug 15, 2025 | Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apa... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2025-30676 | BDSA-2025-2829 | Medium | Apr 01, 2025 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 1... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2024-48962 | BDSA-2024-8794 | High | Nov 18, 2024 | Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a T... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2024-47208 | BDSA-2024-8809 | Critical | Nov 18, 2024 | Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2024-45507 | BDSA-2024-6063 | Critical | Sep 04, 2024 | Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2024-45195 | BDSA-2024-10619 | High | Sep 04, 2024 | Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2024-38856 | BDSA-2024-5139 | Critical | Aug 05, 2024 | Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |
| CVE-2024-36104 | BDSA-2024-3354 | Critical | Jun 04, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 1... | 18.12.06, 17.12.09, 18.12.05, 18.12.04, 18.12.03, 18.12.02, 18.12.01, 17.12.08, 17.12.07, 17.12.06 |