Lucene search
K

4561 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47534

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This...

9.9CVSS5.4AI score0.00231EPSS
Exploits0References25
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

SAP NetWeaver Application Server Java 安全漏洞

SAP NetWeaver Application Server Java is an application server provided by the German company SAP, which offers a Java runtime environment. This product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a security vulnerability that stems...

9CVSS5.3AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-27680

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

4.3CVSS5.5AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

6.1CVSS5.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS5.9AI score0.01398EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.19 views

SAP NetWeaver AS ABAP OS Command Injection (3730019)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by an OS command injection vulnerability as referenced in SAP Security Note 3730019: - An OS command injection vulnerability exists in SAP NetWeaver Application Server for ABAP and ABAP Platform. An authenticated attacke...

6.5CVSS5.8AI score0.01398EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.11 views

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...

4.3CVSS6AI score0.00255EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

SAP NetWeaver AS ABAP Reflected XSS (3728690)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a reflected cross-site scripting XSS vulnerability as referenced in SAP Security Note 3728690: - A reflected cross-site scripting XSS vulnerability exists in SAP NetWeaver Application Server ABAP Applications based on...

6.1CVSS5.9AI score0.00223EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.11 views

SAP NetWeaver AS ABAP SQL Injection (3724838)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a SQL injection vulnerability as referenced in SAP Security Note 3724838: - A SQL injection vulnerability exists in SAP S/4HANA SAP Enterprise Search for ABAP. An authenticated attacker with low privileges could explo...

9.6CVSS6.3AI score0.00466EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 7:16 p.m.12 views

CVE-2026-27680

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

4.3CVSS0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:33 p.m.32 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:33 p.m.9 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 6:33 p.m.19 views

CVE-2026-27680

CVE-2026-27680 – CSS injection in SAP NetWeaver Application Server ABAP . Improper input handling allows injecting custom CSS into web pages served by the ABAP server; when a user loads or clicks the affected page, the CSS executes. The impact is described as low for confidentiality with no impac...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 6:33 p.m.10 views

EUVD-2026-30363

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

SAP NetWeaver Application Server ABAP 安全漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a security vulnerability in SAP NetWeaver Application Server ABAP, which arises from improper handling of inputs under certai...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41014

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description Improper input handling under certain conditions allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. T...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 3:31 a.m.17 views

EUVD-2026-29366

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS6AI score0.01398EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 3:31 a.m.8 views

EUVD-2026-29370

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS5.8AI score0.00223EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 3:16 a.m.52 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS0.01398EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 a.m.12 views

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

6.1CVSS0.00223EPSS
Exploits0References2
Rows per page
Query Builder