86 matches found
CVE-2026-44746
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
CVE-2026-44746
An XSS vulnerability (reflected) in SAP NetWeaver Java (JDBC Test Servlet) allows an unauthenticated attacker to craft a URL containing malicious script. If a victim clicks the link, the injected input is processed during web page generation, causing the attacker’s code to run in the victim’s bro...
CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
CVE-2026-27674
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...
EUVD-2026-22146
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
PT-2026-32554
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Dynpro Java affected versions not specified Description A code injection issue in the Web Dynpro Java component allows an unauthenticated attacker to provide crafted input that the application interpre...
SAP NetWeaver AS Java CRLF Injection (3673213)
The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a CRLF injection vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server Java is affected by a CRLF injection vulnerability. An attacker could exploit...
CVE-2026-23686
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
SAP NetWeaver Command Injection (January 2026)
The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an SAP NetWeaver is affected by a server-side request forgery SSRF vulnerabilityas disclosed in the SAP Security Patch Day January 2026: - Due to an OS Command Injection vulnerability in SAP...
CVE-2026-0510
The CVE-2026-0510 entry concerns SAP NetWeaver Application Server for Java (NW AS Java) where the User Management Engine (UME) uses an obsolete cryptographic algorithm to encrypt User Mapping data. The documented impact is low confidentiality risk with no integrity/availability impact. Affected c...
CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping
The User Management Engine UME in NetWeaver Application Server for Java NW AS Java utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...
CVE-2025-42919
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access...
SAP NetWeaver AS Java Insecure Deserialization (October 2025)
The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an insecure deserialization vulnerability as disclosed in the SAP Security Patch Day October 2025: - Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could explo...
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a...
EUVD-2017-3078
Malware in sbrugna...
EUVD-2024-42534
Malicious code in bioql PyPI...
EUVD-2025-27201
Malicious code in bioql PyPI...