Lucene search
K

4562 matches found

NVD
NVD
added 2026/05/12 3:16 a.m.67 views

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:21 a.m.6 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS6AI score0.01398EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 2:21 a.m.81 views

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS0.01398EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 2:21 a.m.13 views

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS6AI score0.01398EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 2:21 a.m.18 views

CVE-2026-40135

This CVE concerns SAP NetWeaver Application Server for ABAP and ABAP Platform. An OS Command Injection allows an authenticated attacker with administrative privileges to execute arbitrary shell commands on the server, bypassing the logging mechanism and potentially impacting integrity and availab...

6.5CVSS6AI score0.01398EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 2:20 a.m.7 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS6.3AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:20 a.m.39 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:19 a.m.41 views

CVE-2026-27682 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:19 a.m.11 views

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS5.8AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 2:19 a.m.19 views

CVE-2026-27682

SAP NetWeaver Application Server ABAP (Apps based on Business Server Pages) is affected by a reflected XSS vulnerability. An unauthenticated attacker can craft a URL with an unprotected parameter; if a user clicks the link, the injected input is processed during web page generation, leading to ex...

6.1CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 2:19 a.m.9 views

CVE-2026-27682 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS5.8AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.37 views

PT-2026-39923

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS6.3AI score0.00255EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

SAP NetWeaver ABAP Platform和SAP NetWeaver Application Server for ABAP 代码注入漏洞

SAP NetWeaver ABAP Platform and SAP NetWeaver Application Server for ABAP are both products of SAP, a German company. SAP NetWeaver ABAP Platform is an integrated technology platform. SAP NetWeaver Application Server for ABAP is a core application server platform. Both SAP NetWeaver ABAP Platform...

4.3CVSS6AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-39918

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description A reflected cross-site scripting XSS issue exists in SAP NetWeaver Application Server ABAP within applications based on Business Server Pages. An unauthenticated...

6.1CVSS5.2AI score0.00223EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

SAP NetWeaver ABAP Platform和SAP NetWeaver Application Server for ABAP 命令注入漏洞

SAP NetWeaver ABAP Platform and SAP NetWeaver Application Server for ABAP are both products of SAP, a German company. SAP NetWeaver ABAP Platform is an integrated technology platform. SAP NetWeaver Application Server for ABAP is a core application server platform. Both SAP NetWeaver ABAP Platform...

6.5CVSS5.9AI score0.01398EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.26 views

PT-2026-39928

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description An OS Command Injection issue allows an authenticated attacker with administrative access to execute specially crafted shell commands on th...

6.5CVSS6AI score0.01398EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.9 views

SAP NetWeaver AS Java Code Injection (3719397)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a code injection vulnerability as disclosed in the SAP Security Patch Day April 2026: - Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticate...

6.1CVSS6.2AI score0.00192EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

SAP NetWeaver AS ABAP Open Redirect (3692004)

The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by an open redirect vulnerability as referenced in the SAP Security Patch Day April 2026: - Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 a.m.4 views

CVE-2026-27674

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS6.1AI score0.00192EPSS
Exploits0References1
NCSC
NCSC
added 2026/04/14 12:55 p.m.7 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...

9.9CVSS5.9AI score0.00501EPSS
Exploits2References1
Rows per page
Query Builder