cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45195,https://securityvulnerability.io/vulnerability/CVE-2024-45195,Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack,"The vulnerability CVE-2024-45195 affects Apache OFBiz versions before 18.12.16, allowing attackers to execute arbitrary code on the server without valid credentials. This vulnerability poses a severe risk to organizations relying on OFBiz, including potential data theft, disruption of operations, and lateral movement and persistence within the network. Apache has released a patch in version 18.12.16 to address this vulnerability, along with three other related vulnerabilities. Previous vulnerabilities in Apache OFBiz have been actively exploited, making it crucial for organizations to promptly implement the patch to safeguard their critical data and mitigate their attack surface.",Apache,Apache Ofbiz,7.5,HIGH,0.030239999294281006,true,2025-02-04T00:00:00.000Z,true,false,true,2024-09-06T01:00:00.000Z,,false,false,,2024-09-04T08:08:59.201Z,0
CVE-2024-27348,https://securityvulnerability.io/vulnerability/CVE-2024-27348,RCE Vulnerability in Apache HugeGraph-Server,"Apache HugeGraph-Server has a remote command execution vulnerability that affects users running versions from 1.0.0 to 1.2.9 with Java 8 and Java 11. This issue allows attackers to execute arbitrary commands on the server, exposing sensitive data and resulting in potential system compromise. To mitigate this security risk, it is crucial for users to upgrade to version 1.3.0 or later while also enabling the authentication system, which strengthens the application's security posture. For further configuration details, refer to the official documentation.",Apache,Apache Hugegraph-server,9.8,CRITICAL,0.9602599740028381,true,2024-09-18T00:00:00.000Z,true,false,true,2024-06-04T04:08:24.000Z,true,true,false,,2024-04-22T14:08:06.294Z,9704
CVE-2024-38856,https://securityvulnerability.io/vulnerability/CVE-2024-38856,Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14,"An incorrect authorization vulnerability exists in Apache OFBiz that affects versions up to 18.12.14. This issue permits unauthenticated endpoints to execute screen rendering code if certain preconditions are met, particularly when the screen definitions lack explicit checks for user permissions due to reliance on endpoint configurations. Users are advised to upgrade to version 18.12.15 to mitigate the vulnerability and secure their systems.",Apache,Apache Ofbiz,9.8,CRITICAL,0.9428799748420715,true,2024-08-27T00:00:00.000Z,true,true,true,2024-08-05T14:45:12.000Z,true,true,true,2024-08-06T21:52:02.266Z,2024-08-05T08:20:18.081Z,7151
CVE-2024-32113,https://securityvulnerability.io/vulnerability/CVE-2024-32113,Apache OFBiz Fixes Path Traversal Vulnerability,"Apache OFBiz has a Path Traversal vulnerability, identified as CVE-2024-32113, that allows for arbitrary code execution. This vulnerability has been exploited, particularly by the Mirai Botnet, highlighting the urgency of upgrading to version 18.12.13 to fix the issue. Another critical vulnerability affects VMware ESXi hypervisors, allowing for authentication bypass and potential ransomware exploits. It is crucial to ensure that all ESXi hypervisors are patched and to use two-factor authentication to enhance security. Additionally, multiple flaws in Windows Security features, particularly SmartScreen and Smart App Control, have been reported, posing a risk of initial access with minimal user interaction. Teams are advised to carefully monitor and study downloads on their systems to mitigate this risk.",Apache,Apache Ofbiz,9.8,CRITICAL,0.9147899746894836,true,2024-08-07T00:00:00.000Z,true,true,true,2024-08-05T19:51:02.000Z,true,false,false,,2024-05-08T14:50:07.272Z,0