CVE-2026-27685

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

CVE-2026-27685 Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

PT-2026-24161

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal versions prior to 7.50 Description A privileged user uploading untrusted or malicious content that, when deserialized, could compromise the confidentiality, integrity, and availability of the host system. This...

CVE-2026-0499

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

PT-2026-2335

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal affected versions not specified Description An unauthenticated attacker can inject malicious scripts into a URL parameter. These scripts are reflected in the server response and executed in a user's browser when...

CVE-2025-42872

CVE-2025-42872 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject scripts that run in other users’ browsers, potentially stealing session cookies, tokens, and other sensitive information. The impact is characterized as l...

PT-2025-49762

Due to a Cross-Site Scripting XSS vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result...

CVE-2025-42884

CVE-2025-42884 affects SAP NetWeaver Enterprise Portal. The issue allows an unauthenticated attacker to inject JNDI environment properties or pass a URL during JNDI lookup, enabling access to an unintended JNDI provider and potentially leading to disclosure or modification of server information (...

CVE-2025-42884 JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There i...

PT-2025-46225

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal affected versions not specified Description An unauthenticated attacker can inject JNDI environment properties or provide a URL during JNDI lookup operations. This could allow access to an unintended JNDI...

SAP NetWeaver Enterprise Portal 安全漏洞

SAP NetWeaver Enterprise Portal is a Web front-end component of SAP NetWeaver from SAP, Germany. A security vulnerability exists in SAP NetWeaver Enterprise Portal that originates from an unauthenticated attacker being able to inject JNDI environment properties or pass URLs used during a JNDI...

EUVD-2018-14220

Malware in sbrugna...

EUVD-2015-6600

Malware in sbrugna...

EUVD-2021-20382

Malware in sbrugna...

EUVD-2017-3081

Malware in sbrugna...

EUVD-2021-8762

Malicious code in bioql PyPI...

CVE-2022-24397

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of...

CVE-2021-33705

The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery SSRF vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request e.g. POST, G...

CVE-2022-35170

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting XSS vulnerability, therefore changing the scope of the attack. This leads to limited impact on...

SAP NetWeaver Portal 跨站脚本漏洞

SAP NetWeaver Portal is a component of SAP NetWeaver architecture from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Portal versions 7.30, 7.31, 7.40, and 7.50, which stems from a failure to adequately validate user-controlled input, and which can be exploited by an...