CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/15 12:0 a.m.•8 views

SAP NetWeaver AS ABAP SQL Injection (3724838)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a SQL injection vulnerability as referenced in SAP Security Note 3724838: - A SQL injection vulnerability exists in SAP S/4HANA SAP Enterprise Search for ABAP. An authenticated attacker with low privileges could explo...

9.6CVSS6.3AI score0.00015EPSS

EUVD•added 2026/05/12 3:31 a.m.•12 views

EUVD-2026-29371

Vulnrichment•added 2026/05/12 2:20 a.m.•12 views

CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)

CVE•added 2026/05/12 2:20 a.m.•17 views

CVE-2026-34260

Summary of CVE-2026-34260 Affected software: SAP S/4HANA with SAP Enterprise Search for ABAP . Vulnerability: A SQL injection flaw where user-controlled input is directly concatenated into SQL queries and passed to the database without proper validation or sanitization. Impact: If exploited by an...

ATTACKERKB•added 2026/05/12 2:20 a.m.•6 views

CVE-2026-34260

Cvelist•added 2026/05/12 2:20 a.m.•35 views

CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)

9.6CVSS0.00015EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•12 views

PT-2026-39921

Name of the Vulnerable Software and Affected Versions SAP S/4HANA SAP Enterprise Search for ABAP affected versions not specified Description An authenticated attacker can inject malicious SQL statements through user-controlled input. The application directly concatenates this input into SQL queri...

RedhatCVE•added 2026/01/09 11:20 a.m.•4 views

Exploits0References21

CVE-2021-22148

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines...

8.8CVSS6.8AI score0.0024EPSS

RedhatCVE•added 2026/01/09 9:57 a.m.•10 views

CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿½ role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

8.8CVSS6.6AI score0.00207EPSS

RedhatCVE•added 2025/12/10 2:32 a.m.•7 views

CVE-2025-42891

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

5.5CVSS6.3AI score0.00035EPSS

EUVD•added 2025/12/09 6:30 p.m.•3 views

EUVD-2025-201847

5.5CVSS5.9AI score0.00035EPSS

NVD•added 2025/12/09 4:17 p.m.•4 views

CVE-2025-42891

5.5CVSS0.00035EPSS

CVE•added 2025/12/09 2:15 a.m.•8 views

CVE-2025-42891

CVE-2025-42891 involves a missing authorization check in SAP Enterprise Search for ABAP, enabling a high-privilege attacker to read/export database tables into an ABAP report. Affected component: SAP Enterprise Search for ABAP. Root cause: insufficient authorization checks. Impact (per sources): ...

5.5CVSS6AI score0.00035EPSS

Vulnrichment•added 2025/12/09 2:15 a.m.•2 views

CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

5.5CVSS6AI score0.00035EPSS

Cvelist•added 2025/12/09 2:15 a.m.•27 views

CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

5.5CVSS0.00035EPSS

CNNVD•added 2025/12/09 12:0 a.m.•2 views

SAP Application Server for ABAP 安全漏洞

SAP Enterprise Search for ABAP is an enterprise-level unified search software from SAP, a German company. A security vulnerability exists in SAP Enterprise Search for ABAP that stems from a lack of authorization checking and could lead to database table contents being read and exported...

5.5CVSS6.4AI score0.00035EPSS