Lucene search
K

21902 matches found

NVD
NVD
added 2026/04/14 12:16 a.m.4 views

CVE-2026-27677

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5CVSS0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 12:7 a.m.12 views

EUVD-2026-22152

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:7 a.m.1 views

CVE-2026-27679

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 12:7 a.m.30 views

CVE-2026-27679 Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:7 a.m.8 views

CVE-2026-27678

CVE-2026-27678 affects SAP S/4HANA backend OData Service (Manage Reference Structures); missing authorization checks allow updating and deleting child entities via exposed OData. Impact: integrity high; no confidentiality/availability impact. See SAP notes and security patch day for mitigations.

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:7 a.m.2 views

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 12:7 a.m.24 views

CVE-2026-27678 Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS0.00181EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 12:7 a.m.8 views

EUVD-2026-22150

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:7 a.m.23 views

CVE-2026-27677 Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5CVSS0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:7 a.m.13 views

CVE-2026-27677

The CVE affects SAP S/4HANA OData Service (Manage Reference Equipment). Missing authorization checks allow an attacker to update and delete child entities via OData, leading to integrity impact with no confidentiality or availability effects. Reported under CVSS 3.1: Network vector, Low attack co...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:7 a.m.2 views

CVE-2026-27677 Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:7 a.m.2 views

CVE-2026-27677

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 12:7 a.m.2 views

EUVD-2026-22149

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.5 views

SAP S/4HANA OData Service 安全漏洞

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Structures, which stems from the lack of authorization checks. This...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.10 views

PT-2026-32559

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32925

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load gif function in fromgif.c, where a single sixel frame t object is reused across all frames of an animated GIF and gif init frame...

7CVSS5.8AI score0.00191EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32558

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32933

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course rel users endpoint is vulnerable to Insecure Direct Object Reference IDOR, allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user in...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32578

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

8.8CVSS5.8AI score0.00532EPSS
Exploits1References4
Rows per page
Query Builder