CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1237 matches found

SAP Memory Pipes (MPI) Desynchronization

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...

10CVSS7.7AI score0.93833EPSS

Exploits8References5

Tenable Nessus•added 2026/05/15 12:0 a.m.•7 views

SAP NetWeaver AS ABAP SQL Injection (3724838)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a SQL injection vulnerability as referenced in SAP Security Note 3724838: - A SQL injection vulnerability exists in SAP S/4HANA SAP Enterprise Search for ABAP. An authenticated attacker with low privileges could explo...

9.6CVSS6.3AI score0.00015EPSS

Exploits0References3

Tenable Nessus•added 2026/05/15 12:0 a.m.•6 views

SAP NetWeaver AS ABAP OS Command Injection (3730019)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by an OS command injection vulnerability as referenced in SAP Security Note 3730019: - An OS command injection vulnerability exists in SAP NetWeaver Application Server for ABAP and ABAP Platform. An authenticated attacke...

6.5CVSS5.8AI score0.00234EPSS

Exploits0References3

NVD•added 2026/05/14 7:16 p.m.•5 views

CVE-2026-27680

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

4.3CVSS0.00031EPSS

Exploits0References2

Cvelist•added 2026/05/14 6:33 p.m.•25 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

3.1CVSS0.00031EPSS

Exploits0References2

EUVD•added 2026/05/14 6:33 p.m.•5 views

EUVD-2026-30363

3.1CVSS5.8AI score0.00031EPSS

Exploits0References2

Vulnrichment•added 2026/05/14 6:33 p.m.•4 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

3.1CVSS5.8AI score0.00031EPSS

Exploits0References2

Positive Technologies•added 2026/05/14 12:0 a.m.•7 views

PT-2026-41014

3.1CVSS5.8AI score0.00031EPSS

Exploits0References3

EUVD•added 2026/05/12 3:31 a.m.•5 views

EUVD-2026-29371

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS5.9AI score0.00015EPSS

Exploits0References3

EUVD•added 2026/05/12 3:31 a.m.•4 views

EUVD-2026-29370

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS5.8AI score0.00022EPSS

Exploits0References3

NVD•added 2026/05/12 3:16 a.m.•6 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS0.00234EPSS

Exploits0References2

NVD•added 2026/05/12 3:16 a.m.•7 views

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00016EPSS

Exploits0References2

NVD•added 2026/05/12 3:16 a.m.•8 views

CVE-2026-27682

6.1CVSS0.00022EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 2:21 a.m.•8 views

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

6.5CVSS6AI score0.00234EPSS

Exploits0References2

ATTACKERKB•added 2026/05/12 2:21 a.m.•2 views

CVE-2026-40135

6.5CVSS6AI score0.00234EPSS

Exploits0References3

Cvelist•added 2026/05/12 2:21 a.m.•33 views

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

6.5CVSS0.00234EPSS

Exploits0References2

CVE•added 2026/05/12 2:20 a.m.•7 views

CVE-2026-40129

The vulnerability CVE-2026-40129 affects SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. A code injection flaw allows an authenticated attacker to submit specially crafted inputs that, if processed, can be delivered to channel subscribers and execute code on behalf of other users...

4.3CVSS6.3AI score0.00016EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 2:20 a.m.•4 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

4.3CVSS6.3AI score0.00016EPSS

Exploits0References2

ATTACKERKB•added 2026/05/12 2:20 a.m.•2 views

CVE-2026-40129

4.3CVSS6.3AI score0.00016EPSS

Exploits0References3

Cvelist•added 2026/05/12 2:20 a.m.•31 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform