231 matches found
PT-2026-7202
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted...
PT-2026-7207
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated, low-privileged user can execute background Remote Function Calls without the necessary S RFC authorization in specific...
Denial Of Service (DoS)
SvelteKit is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded memory allocation when processing crafted binary form payloads in the experimental form remote function, allowing attackers to exhaust server memory and disrupt service availability...
CVE-2026-22803
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...
CVE-2026-22803 SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...
EUVD-2026-2789
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...
CVE-2026-22803
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...
PT-2026-3094
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...
CVE-2026-0491
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...
CVE-2026-0498
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
CVE-2026-0506
The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...
CVE-2026-0498
CVE-2026-0498 affects SAP S/4HANA (Private Cloud and On-Premise). The vulnerability exists in a function module exposed via RFC, where an attacker with admin privileges can inject arbitrary ABAP code or OS commands, bypassing authorization checks and creating a backdoor that could lead to full sy...
CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)
SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...
CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...
CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server that stems from a lack of authorization checking and could allow an authenticated attacker to misuse RFC functions to execute form routines in the ABAP...
PT-2026-2327
Name of the Vulnerable Software and Affected Versions SAP Landscape Transformation affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC that allows an attacker with administrative privileges to inject arbitrary ABAP cod...
PT-2026-2334
Name of the Vulnerable Software and Affected Versions SAP S/4HANA Private Cloud and On-Premise affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC. An attacker with administrative privileges can exploit this to inject...
SAP Landscape Transformation 代码注入漏洞
SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. SAP Landscape Transformation suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function modules,...