Lucene search
K

43057 matches found

Nuclei
Nuclei
added yesterday572 views

Javafaces LFI

An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware...

5CVSS6.1AI score0.32441EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-44761

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS0.00352EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-44770

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-44753

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS0.0022EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-44745

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS0.00331EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-0487

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-44771 Missing Authorization check in SAP S/4HANA (Draft operation)

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-43595

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS6.1AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-44770 Missing Authorization check in SAP S/4 HANA (Create Single Payment)

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-43594

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS6.1AI score0.00168EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-44769

CVE-2026-44769 affects SAP S/4HANA Project Management (PPM-PRO). The connected documents describe a vulnerability where an attacker with high privileges can induce crafted database queries, resulting in exposure of the backend database. The impact is specified as low for confidentiality (C:H) wit...

5.5CVSS6.2AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score0.00197EPSS
Exploits0References2
CVE
CVE
added yesterday23 views

CVE-2026-44761

SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...

9.1CVSS6.1AI score0.00352EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43588

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS6.1AI score0.0022EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43585

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS6.1AI score0.00331EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago104 views

Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection

Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...

10CVSS7.2AI score0.69882EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-60002

A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability. Mitigation To mitigate this...

9.4CVSS6AI score0.00263EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.7 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS5.9AI score0.00674EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/07/06 12:0 a.m.4 views

The vulnerability of the ipv6_rpl_srh_rcv function in the RFC 6554 Source Routing Header Handler component of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ipv6rplsrhrcv function in the RFC 6554 Source Routing Header Handler component of the Linux operating system is related to the execution of operations outside the buffer boundaries in memory. Exploitation of this vulnerability could allow a remote attacker to compromise t...

10CVSS6.3AI score0.00475EPSS
Exploits0References11Affected Software4
Rows per page
Query Builder