Lucene search
K

334 matches found

GithubExploit
GithubExploit
added 2026/06/11 11:8 a.m.119 views

Bug-Bounty-Practice-lab

Syntex Solutions — Vulnerable Lab ⚠️ WARNING — FOR AUTHOR...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/11 12:26 p.m.12 views

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 CVSS score: 9.8 - A code injection vulnerability in SAP Quotation Management...

9.8CVSS7.6AI score0.6906EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.5 views

CVE-2026-27685

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.3 views

EUVD-2026-10456

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10457

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.2 views

CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.5 views

CVE-2026-27685

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 12:18 a.m.23 views

CVE-2026-27685

SAP NetWeaver Enterprise Portal Administration is reported to be vulnerable to insecure deserialization when a privileged user uploads untrusted content, potentially affecting confidentiality, integrity, and availability of the host. The provided documents identify the affected product and the un...

9.1CVSS5.8AI score0.00551EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 12:18 a.m.31 views

CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

9.1CVSS0.00551EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

SAP NetWeaver Enterprise Portal Administration 代码问题漏洞

SAP NetWeaver Enterprise Portal Administration is an access control software developed by the German company SAP. There is a code vulnerability in SAP NetWeaver Enterprise Portal Administration. This vulnerability arises from privileged users uploading untrusted or malicious content, which may...

9.1CVSS6.9AI score0.00551EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/13 9:28 p.m.9 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.2 release.

Red Hat Developer Hub 1.8.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

7.5CVSS6.5AI score0.03092EPSS
Exploits3References10
Cvelist
Cvelist
added 2026/01/13 1:13 a.m.27 views

CVE-2026-0499 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/01/13 1:13 a.m.16 views

CVE-2026-0499

The CVE-2026-0499 case concerns SAP NetWeaver Enterprise Portal, where an unauthenticated attacker can perform reflected Cross-Site Scripting by injecting malicious scripts into a URL parameter. The server response reflects the payload and executes it in the user’s browser, enabling potential ses...

6.1CVSS6.3AI score0.00172EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

SAP NetWeaver Enterprise Portal 跨站脚本漏洞

SAP NetWeaver Enterprise Portal is a web front-end component of SAP NetWeaver from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal, which originates from an unauthenticated attacker being able to inject malicious scripts into URL parameters, which coul...

6.1CVSS5.7AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.8 views

CVE-2022-35224

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...

6.1CVSS6AI score0.00664EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:52 a.m.7 views

CVE-2021-33703

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting XSS vulnerability...

8.3CVSS5.9AI score0.01482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:52 a.m.9 views

CVE-2021-33702

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets...

8.3CVSS5.7AI score0.01482EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/07 6:34 p.m.10 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.

Red Hat Developer Hub 1.7.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

8.7CVSS6.8AI score0.03092EPSS
Exploits4References14
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.6 views

CVE-2025-42872

Due to a Cross-Site Scripting XSS vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-201855

Due to a Cross-Site Scripting XSS vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result...

6.1CVSS5.4AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder