lwd3c

2 exploits Active since May 2026
CVE-2026-47342 NOMISEC HIGH WORKING POC
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.
CVSS 8.8
CVE-2026-46586 GITHUB HIGH shell WORKING POC
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVSS 8.8