Lucene search
+L

360 matches found

Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.3 views

CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/17 10:53 p.m.3 views

CVE-2025-62183

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...

4.8CVSS5.5AI score0.00251EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.12 views

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

3.4CVSS5.6AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2026/02/10 4:16 a.m.8 views

CVE-2026-24326

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 4:16 a.m.5 views

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

3.4CVSS5.7AI score0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 3:4 a.m.10 views

CVE-2026-24326 Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 3:4 a.m.3 views

CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.14 views

PT-2026-7213

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

3.4CVSS5.6AI score0.00164EPSS
Exploits0References3
OSV
OSV
added 2026/01/13 2:15 a.m.7 views

CVE-2026-0513

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application...

4.7CVSS5.8AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 2:15 a.m.11 views

CVE-2026-0513

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application...

4.7CVSS0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 1:15 a.m.3 views

CVE-2026-0513 Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application...

4.7CVSS6.4AI score0.00171EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.10 views

CVE-2020-10866

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC...

7.5CVSS7AI score0.01171EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.12 views

CVE-2020-10863

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine...

7.5CVSS7AI score0.02033EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.6 views

CVE-2025-23187

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

5.3CVSS6.9AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201855

Due to a Cross-Site Scripting XSS vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result...

6.1CVSS5.4AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 2:13 a.m.21 views

CVE-2025-42872

CVE-2025-42872 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject scripts that run in other users’ browsers, potentially stealing session cookies, tokens, and other sensitive information. The impact is characterized as l...

6.1CVSS5.5AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 4:49 p.m.10 views

CVE-2025-24307

Improper privilege management for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data manipulation. This...

2.3CVSS0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 4:49 p.m.3 views

CVE-2025-20056

Improper input validation for some Intel VTune Profiler before version 2025.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may...

4.8CVSS6.1AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 3:30 a.m.6 views

EUVD-2025-60995

Migration Workbench DX Workbench in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...

2.7CVSS6.2AI score0.00244EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 1:15 a.m.28 views

CVE-2025-42889

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...

5.4CVSS0.00181EPSS
Exploits0References2
Rows per page
Query Builder