30 matches found
CVE-2026-24315
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...
CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad)
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...
CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad)
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...
CVE-2023-49584
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
EUVD-2020-19361
Malware in sbrugna...
EUVD-2020-19351
Malware in sbrugna...
EUVD-2020-27360
Malware in sbrugna...
EUVD-2020-27433
Malware in sbrugna...
EUVD-2023-53536
Malicious code in bioql PyPI...
EUVD-2025-24213
Malicious code in bioql PyPI...
CVE-2025-42941
The CVE-2025-42941 entry describes a Reverse Tabnabbing issue in SAP Fiori (Launchpad) caused by insufficient external navigation protections on links. Affected software is SAP Fiori (Launchpad); the root cause is lack of proper navigation safeguards for anchor elements. Consequences stated incl...
CVE-2025-42941 Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...
CVE-2020-6210
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting XSS vulnerability...
CVE-2020-26815
SAP Fiori Launchpad News tile Application, versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external...
CVE-2023-49584 Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
CVE-2023-49584 Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
CVE-2023-49584
CVE-2023-49584 affects SAP Fiori Launchpad components across multiple SAP_UI versions (750, 754–758), UI_700 200, and SAP_BASIS 793. The issue allows an attacker to issue HTTP POST requests against a read-only service, resulting in low confidentiality impact per the provided description. Root cau...
SAP Fiori Launchpad Cross-Site Scripting Vulnerability
SAP Fiori is SAP's user experience UX design system for SAP applications, which provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, providing a consistent, innovative experience for creators and users.SAP Fiori Launchpad is the SA...
CVE-2020-26825
SAP Fiori Launchpad News tile Application, versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user victim, because News tile does not sufficiently encode user controlled inputs, resulting ...