78 matches found
PT-2026-47532
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
CVE-2026-34257
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...
CVE-2026-40137 Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)
SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...
Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017421)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017421 advisory. There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could...
EUVD-2026-22168
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...
CVE-2026-27672 Missing Authorization check in Material Master Application
The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...
CVE-2026-34859
UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
CVE-2025-62184
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...
SAP NetWeaver AS ABAP SSRF (3689080)
The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a server-side request forgery SSRF vulnerability as referenced in the SAP Security Patch Day March 2026: - SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, whic...
CVE-2026-24316
CVE-2026-24316 describes a Server-Side Request Forgery in SAP NetWeaver Application Server for ABAP. An ABAP Report used for testing can send HTTP requests to arbitrary internal or external endpoints, enabling interaction with potentially sensitive internal endpoints. The documented impact is low...
CVE-2025-62183
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...
CVE-2026-23681
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-0505
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...
CVE-2026-0505
CVE-2026-0505 affects BSP applications where unauthenticated users can manipulate user-controlled URL parameters that are not sufficiently validated, resulting in unvalidated redirects to attacker-controlled websites. Root cause: insufficient validation of URL parameters. Impact per provided metr...
CVE-2025-61634
A flaw was found in MediaWiki, associated with the includes/Rest/Handler/PageHTMLHandler.Php program file, which is involved in page handling. This vulnerability could potentially be exploited by a remote attacker without requiring special privileges, but it does necessitate user interaction. Bas...
CVE-2026-0503
Due to missing authorization check in the SAP ERP Central Component SAP ECC and SAP S/4HANA SAP EHS Management, an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can...
CVE-2026-0511
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted...
CVE-2024-39591
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application...
CVE-2025-23192
SAP BusinessObjects Business Intelligence BI Workspace allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...
SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...