CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

135 matches found

CVE-2026-44744

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS5.7AI score0.00026EPSS

Exploits0References1

EUVD•added 5 days ago•9 views

EUVD-2026-35286

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00035EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•4 views

CVE-2026-44744

6.5CVSS5.7AI score0.00026EPSS

Exploits0References3Affected Software1

EUVD•added 5 days ago•8 views

EUVD-2026-35281

6.5CVSS5.7AI score0.00026EPSS

Exploits0References2

Cvelist•added 5 days ago•33 views

CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA

6.5CVSS0.00026EPSS

Exploits0References2

Positive Technologies•added 5 days ago•6 views

PT-2026-47532

6.5CVSS5.7AI score0.00026EPSS

Exploits0References3

EUVD•added 2026/05/12 3:31 a.m.•13 views

EUVD-2026-29363

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS5.8AI score0.00011EPSS

Exploits0References3

NVD•added 2026/05/12 3:16 a.m.•8 views

CVE-2026-40134

4.3CVSS0.00011EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 2:21 a.m.•6 views

CVE-2026-40134 Missing Authorization Check in SAP Incentive and Commission Management

4.3CVSS5.8AI score0.00011EPSS

Exploits0References2

Vulnrichment•added 2026/04/14 12:7 a.m.•1 views

CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

2CVSS6AI score0.00033EPSS

Exploits0References2

Positive Technologies•added 2026/04/14 12:0 a.m.•2 views

PT-2026-32555

2CVSS6AI score0.00033EPSS

Exploits0References3

Tenable Nessus•added 2026/03/13 12:0 a.m.•3 views

SAP NetWeaver AS ABAP Missing Authorization Check (3704740)

The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a missing authorization check vulnerability as referenced in the SAP Security Patch Day March 2026: - Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticat...

5CVSS6AI score0.0004EPSS

Exploits0References3

RedhatCVE•added 2026/03/11 7:8 a.m.•2 views

CVE-2026-27689

Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...

7.7CVSS5.9AI score0.00098EPSS

Exploits0References1

EUVD•added 2026/03/10 6:31 p.m.•4 views

EUVD-2026-10462

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

5CVSS5.9AI score0.0004EPSS

Exploits0References3

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2026-10463

5CVSS5.9AI score0.0004EPSS

Exploits0References3

EUVD•added 2026/03/10 6:31 p.m.•3 views

EUVD-2026-10465

7.7CVSS5.9AI score0.00098EPSS

Exploits0References3

EUVD•added 2026/03/10 6:31 p.m.•3 views

EUVD-2026-10442

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

6.4CVSS5.9AI score0.00056EPSS

Exploits0References3

EUVD•added 2026/03/10 6:31 p.m.•1 views

EUVD-2026-10445

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

3.5CVSS5.9AI score0.0004EPSS

Exploits0References3

NVD•added 2026/03/10 5:38 p.m.•2 views

CVE-2026-27689

7.7CVSS0.00098EPSS

Exploits0References2

NVD•added 2026/03/10 5:38 p.m.•1 views

CVE-2026-27688

5CVSS0.0004EPSS

Exploits0References2

Rows per page