CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

359 matches found

RedhatCVE•added 2025/05/23 10:40 a.m.•3 views

CVE-2024-45278

SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

5.4CVSS6AI score0.00614EPSS

RedhatCVE•added 2025/05/23 9:44 a.m.•4 views

CVE-2024-21738

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation...

5.4CVSS5.9AI score0.00198EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:42 a.m.•4 views

CVE-2024-37174

Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application...

6.1CVSS6.4AI score0.0059EPSS

RedhatCVE•added 2025/05/23 5:41 a.m.•3 views

CVE-2023-0013

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an...

6.1CVSS6AI score0.00432EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:6 a.m.•5 views

CVE-2023-49577

The SAP HCM SMART PAYE solution - versions S4HCMCIE 100, SAPHRCIE 600, SAPHRCIE 604, SAPHRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and...

6.1CVSS6AI score0.00108EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:56 a.m.•2 views

CVE-2023-33986

SAP CRM ABAP Grantor Management - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the applicatio...

6.1CVSS6AI score0.00526EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:1 a.m.•4 views

CVE-2023-33991

SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting Stored XSS vulnerability. After successful exploitation, an attacke...

8.2CVSS6AI score0.00274EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:48 a.m.•2 views

CVE-2022-22529

SAP Enterprise Threat Detection ETD - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its...

6.1CVSS6.2AI score0.00371EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:55 p.m.•5 views

CVE-2022-35297

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting XSS vulnerability leading to limited impact on...

5.4CVSS5.7AI score0.00351EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:55 p.m.•3 views

CVE-2022-35172

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.00337EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:24 p.m.•1 views

CVE-2021-24857

The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain...

9.8CVSS7.2AI score0.00795EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 6:52 p.m.•2 views

CVE-2021-43561

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

5.4CVSS5.8AI score0.00206EPSS

RedhatCVE•added 2025/05/22 5:30 p.m.•1 views

CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...

6.1CVSS6AI score0.00361EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:30 p.m.•1 views

CVE-2020-6246

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTTABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS5.9AI score0.00273EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:29 p.m.•3 views

CVE-2020-6257

SAP Business Objects Business Intelligence Platform CMC and BI Launchpad 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability...

5.4CVSS6.2AI score0.00162EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:5 p.m.•5 views

CVE-2020-6216

SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.00243EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:46 p.m.•5 views

CVE-2020-6370

SAP NetWeaver Design Time Repository DTR, versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

4.8CVSS6AI score0.00206EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:45 p.m.•5 views

CVE-2020-6305

PI Rest Adapter of SAP Process Integration update provided in SAPXIAF 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.0028EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:45 p.m.•7 views

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Exploit is possible only when the bttoken in victim’s session is active...

4.7CVSS6AI score0.00149EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:45 p.m.•5 views

CVE-2020-6222

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

5.4CVSS5.9AI score0.00235EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by