Lucene search
K

3226 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-44752

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-44747

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS0.00439EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-44759

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-44760 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS0.00142EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43590

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS6.3AI score0.00142EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-44759

CVE-2026-44759 affects SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject malicious scripts into a URL parameter, with scripts reflected in server responses and executed in the user’s browser when the crafted URL is visited. This leads to theft of session information, manipul...

6.1CVSS6.1AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-44759 Cross Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43589

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS6.1AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-44752 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS0.00263EPSS
Exploits0References2
CVE
CVE
added 2 days ago18 views

CVE-2026-44752

CVE-2026-44752 affects SAP NetWeaver Application Server Java (often noted with the Configuration Wizard). The vulnerability is a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can inject malicious JavaScript through crafted URLs. When a victim loads such a URL, the script runs...

8.2CVSS6.1AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-44747 Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS0.00439EPSS
Exploits0References2
CVE
CVE
added 2 days ago38 views

CVE-2026-44747

CVE-2026-44747 affects SAP NetWeaver Application Server ABAP. An authenticated attacker can exploit logical errors in memory management to trigger memory corruption, leading to unauthorized data access, modification, or system unavailability. Impact is described as high for confidentiality, integ...

9.9CVSS6.1AI score0.00439EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-57937

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description An authenticated attacker can exploit logical errors in memory management to trigger an out-of-bounds write, resulting in memory corruption. This issue can lead ...

9.9CVSS6.2AI score0.00439EPSS
Exploits0References21
Nuclei
Nuclei
added 3 days ago144 views

SAP NetWeaver Development Infrastructure - Server Side Request Forgery

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

9.9CVSS7AI score0.67699EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.235 views

SAP Memory Pipes (MPI) Desynchronization

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...

10CVSS7.7AI score0.97945EPSS
Exploits8References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS6.1AI score0.00743EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Reflected XSS (3723655)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a reflected cross-site scripting vulnerability as referenced in SAP Security Note 3723655: - Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.16 views

SAP NetWeaver AS Java Directory Traversal (3727078)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a directory traversal vulnerability as referenced in SAP Security Note 3727078: - SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon...

9CVSS5.4AI score0.00454EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.74 views

SAP NetWeaver AS ABAP Memory Corruption (3717897)

The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a memory corruption vulnerability as referenced in SAP Security Note 3717897: - Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP...

9.8CVSS5.8AI score0.00437EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

SAP NetWeaver AS ABAP Missing Authorization Check (3735546)

The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a missing authorization check vulnerability as referenced in SAP Security Note 3735546: - Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References2
Rows per page
Query Builder