Lucene search
K

78 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47532

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34257

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 2:23 a.m.42 views

CVE-2026-40137 Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

6.1CVSS0.00211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017421)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017421 advisory. There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could...

8.8CVSS6.8AI score0.03653EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/14 12:8 a.m.13 views

EUVD-2026-22168

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:6 a.m.26 views

CVE-2026-27672 Missing Authorization check in Material Master Application

The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...

4.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 4:7 a.m.30 views

CVE-2026-34859

UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.9CVSS0.00077EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 6:16 p.m.16 views

CVE-2025-62184

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS0.00258EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.5 views

SAP NetWeaver AS ABAP SSRF (3689080)

The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a server-side request forgery SSRF vulnerability as referenced in the SAP Security Patch Day March 2026: - SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, whic...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 12:17 a.m.10 views

CVE-2026-24316

CVE-2026-24316 describes a Server-Side Request Forgery in SAP NetWeaver Application Server for ABAP. An ABAP Report used for testing can send HTTP requests to arbitrary internal or external endpoints, enabling interaction with potentially sensitive internal endpoints. The documented impact is low...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.6 views

CVE-2025-62183

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...

4.8CVSS5.5AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.5 views

CVE-2026-23681

Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...

4.3CVSS5.5AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/02/10 4:16 a.m.3 views

CVE-2026-0505

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...

6.1CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/02/10 3:1 a.m.18 views

CVE-2026-0505

CVE-2026-0505 affects BSP applications where unauthenticated users can manipulate user-controlled URL parameters that are not sufficiently validated, resulting in unvalidated redirects to attacker-controlled websites. Root cause: insufficient validation of URL parameters. Impact per provided metr...

6.1CVSS5.6AI score0.00211EPSS
Exploits0References2Affected Software3
RedhatCVE
RedhatCVE
added 2026/02/03 2:7 p.m.6 views

CVE-2025-61634

A flaw was found in MediaWiki, associated with the includes/Rest/Handler/PageHTMLHandler.Php program file, which is involved in page handling. This vulnerability could potentially be exploited by a remote attacker without requiring special privileges, but it does necessitate user interaction. Bas...

3.1CVSS5.2AI score0.00273EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 1:22 a.m.4 views

CVE-2026-0503

Due to missing authorization check in the SAP ERP Central Component SAP ECC and SAP S/4HANA SAP EHS Management, an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can...

6.4CVSS6.7AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 2:15 a.m.9 views

CVE-2026-0511

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted...

8.1CVSS0.0026EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.8 views

CVE-2024-39591

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application...

5.3CVSS7.3AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.3 views

CVE-2025-23192

SAP BusinessObjects Business Intelligence BI Workspace allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...

8.2CVSS8.1AI score0.00342EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.8 views

SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...

5.4CVSS5.6AI score0.00271EPSS
Exploits0References3
Rows per page
Query Builder