Lucene search
+L

3228 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

SAP NetWeaver Application Server ABAP 数据伪造问题漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a vulnerability in SAP NetWeaver Application Server ABAP, which allows authenticated attackers to obtain valid signed message...

9.9CVSS5.3AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-27680

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

4.3CVSS5.5AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.14 views

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

6.1CVSS5.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS5.9AI score0.01398EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.11 views

SAP NetWeaver AS ABAP SQL Injection (3724838)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a SQL injection vulnerability as referenced in SAP Security Note 3724838: - A SQL injection vulnerability exists in SAP S/4HANA SAP Enterprise Search for ABAP. An authenticated attacker with low privileges could explo...

9.6CVSS6.3AI score0.00466EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 7:16 p.m.15 views

CVE-2026-27680

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

4.3CVSS0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:33 p.m.37 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:33 p.m.10 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41014

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description Improper input handling under certain conditions allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. T...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 3:31 a.m.11 views

EUVD-2026-29370

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS5.8AI score0.00223EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 3:16 a.m.62 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS0.01398EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 a.m.17 views

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

6.1CVSS0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 a.m.68 views

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:21 a.m.6 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS6AI score0.01398EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 2:21 a.m.13 views

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS6AI score0.01398EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:19 a.m.47 views

CVE-2026-27682 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS0.00223EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 2:19 a.m.24 views

CVE-2026-27682

SAP NetWeaver Application Server ABAP (Apps based on Business Server Pages) is affected by a reflected XSS vulnerability. An unauthenticated attacker can craft a URL with an unprotected parameter; if a user clicks the link, the injected input is processed during web page generation, leading to ex...

6.1CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:19 a.m.14 views

CVE-2026-27682

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...

4.7CVSS5.8AI score0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-39918

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description A reflected cross-site scripting XSS issue exists in SAP NetWeaver Application Server ABAP within applications based on Business Server Pages. An unauthenticated...

6.1CVSS5.2AI score0.00223EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

SAP NetWeaver ABAP Platform和SAP NetWeaver Application Server for ABAP 代码注入漏洞

SAP NetWeaver ABAP Platform and SAP NetWeaver Application Server for ABAP are both products of SAP, a German company. SAP NetWeaver ABAP Platform is an integrated technology platform. SAP NetWeaver Application Server for ABAP is a core application server platform. Both SAP NetWeaver ABAP Platform...

4.3CVSS6AI score0.00255EPSS
Exploits0References1
Rows per page
Query Builder