Lucene search
K

4581 matches found

NVD
NVD
added yesterday6 views

CVE-2026-44752

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-44759

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS0.00172EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-44747

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS0.00439EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-44760

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS0.00142EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-44760

The CVE-2026-44760 entry concerns a Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP-based applications that use the Business Server Pages framework. The vulnerability arises from unsanitized input being reflected in the HTTP response, enabling an attacker to inject and execute...

4.7CVSS6.3AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43590

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS6.3AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-44760 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS0.00142EPSS
Exploits0References2
CVE
CVE
added yesterday14 views

CVE-2026-44759

CVE-2026-44759 affects SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject malicious scripts into a URL parameter, with scripts reflected in server responses and executed in the user’s browser when the crafted URL is visited. This leads to theft of session information, manipul...

6.1CVSS6.1AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43589

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS6.1AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-44759 Cross Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-44752 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS0.00263EPSS
Exploits0References2
CVE
CVE
added yesterday17 views

CVE-2026-44752

CVE-2026-44752 affects SAP NetWeaver Application Server Java (often noted with the Configuration Wizard). The vulnerability is a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can inject malicious JavaScript through crafted URLs. When a victim loads such a URL, the script runs...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
CVE
CVE
added yesterday36 views

CVE-2026-44747

CVE-2026-44747 affects SAP NetWeaver Application Server ABAP. An authenticated attacker can exploit logical errors in memory management to trigger memory corruption, leading to unauthorized data access, modification, or system unavailability. Impact is described as high for confidentiality, integ...

9.9CVSS6.1AI score0.00439EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-44747 Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS0.00439EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43586

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS6.1AI score0.00439EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago144 views

SAP NetWeaver Development Infrastructure - Server Side Request Forgery

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

9.9CVSS7AI score0.67699EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.235 views

SAP Memory Pipes (MPI) Desynchronization

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...

10CVSS7.7AI score0.97945EPSS
Exploits8References5
Nuclei
Nuclei
added 2026/06/25 5:45 a.m.184 views

SAP NetWeaver Visual Composer Metadata Uploader - Deserialization

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10CVSS7.4AI score0.99359EPSS
Exploits18References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.167 views

SAP NetWeaver Application Server Java 7.5 - Local File Inclusion

SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. dot dot in the query string, as exploited in the wild in August 2017, aka SAP Security Note...

7.5CVSS8.7AI score0.94557EPSS
Exploits3References5
Rows per page
Query Builder