44 matches found

NVD
added 2026/06/09 1:16 a.m. · 9 views

CVE-2026-44746

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

CVSS 6.1 · EPSS 0.00199
Exploits: 0 · References: 2

Cvelist
added 2026/06/09 12:20 a.m. · 35 views

CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

CVSS 6.1 · EPSS 0.00199
Exploits: 0 · References: 2

Vulnrichment
added 2026/06/09 12:20 a.m. · 8 views

CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

CVSS 6.1 · AI score 5.4 · EPSS 0.00199
Exploits: 0 · References: 2

EUVD
added 2026/04/14 12:6 a.m. · 2 views

EUVD-2026-22146

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

CVSS 6.1 · AI score 6.1 · EPSS 0.00192
Exploits: 0 · References: 2

NVD
added 2026/02/10 4:16 a.m. · 7 views

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVSS 3.4 · EPSS 0.00164
Exploits: 0 · References: 2

RedhatCVE
added 2025/11/12 12:36 a.m. · 12 views

CVE-2025-42919

Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access...

CVSS 5.3 · AI score 6.1 · EPSS 0.00407
Exploits: 0 · References: 1

Tenable Nessus
added 2025/10/17 12:0 a.m. · 4 views

SAP NetWeaver AS Java Insecure Deserialization (October 2025)

The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an insecure deserialization vulnerability as disclosed in the SAP Security Patch Day October 2025: - Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could explo...

CVSS 10 · AI score 6.5 · EPSS 0.02882
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2017-3078

Malware in sbrugna...

CVSS 6.5 · AI score 6.5 · EPSS 0.01373
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-42534

Malicious code in bioql PyPI...

CVSS 4.7 · AI score 6.6 · EPSS 0.00127
Exploits: 0 · References: 2

RedhatCVE
added 2025/09/11 3:19 a.m. · 12 views

CVE-2025-42926

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...

CVSS 5.3 · AI score 6.7 · EPSS 0.00281
Exploits: 0 · References: 1

Vulnrichment
added 2025/09/09 2:10 a.m. · 5 views

CVE-2025-42926 Missing Authentication check in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...

CVSS 5.3 · AI score 6.2 · EPSS 0.00281
Exploits: 0 · References: 2

Cvelist
added 2025/09/09 2:9 a.m. · 34 views

CVE-2025-42925 Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...

CVSS 4.3 · EPSS 0.00218
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 6:28 a.m. · 6 views

CVE-2024-47588

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVSS 4.7 · AI score 6.6 · EPSS 0.00127
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:37 a.m. · 19 views

CVE-2019-0391

Under certain conditions SAP NetWeaver AS Java corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...

CVSS 4.3 · AI score 6.6 · EPSS 0.00889
Exploits: 0 · References: 1

BDU FSTEC
added 2024/12/12 12:0 a.m. · 3 views

The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows a perpetrator to compromise the confidentiality of protected information.

The vulnerability of the Adobe Document Service component in SAP NetWeaver AS for Java software for creating and deploying web applications is related to the leakage of file and directory information. Exploiting this vulnerability can allow an attacker to compromise the confidentiality of protect...

CVSS 6.8 · AI score 5.5 · EPSS 0.00533
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/12/10 12:0 a.m. · 5 views

PT-2024-9338 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java affected versions not specified

Description: The issue allows an attacker, authenticated as an administrator, to use an exposed webservice to upload or download a custom PDF font file on the system server. By...

CVSS 6.8 · AI score 6.4 · EPSS 0.00533
Exploits: 0 · References: 9

BDU FSTEC
added 2024/12/02 12:0 a.m. · 3 views

The vulnerability of SAP NetWeaver Java software update, related to insufficient protection of registration data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SAP NetWeaver Java software update manager is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

CVSS 4.7 · AI score 5.5 · EPSS 0.00127
Exploits: 0 · References: 4

Vulnrichment
added 2024/11/12 12:26 a.m. · 9 views

CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVSS 4.7 · AI score 6.6 · EPSS 0.00127
Exploits: 0 · References: 2

Cvelist
added 2024/11/12 12:26 a.m. · 16 views

CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)

In SAP NetWeaver Java Software Update Manager 1.1, under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the...

CVSS 4.7 · EPSS 0.00127
Exploits: 0 · References: 2

BDU FSTEC
added 2024/10/16 12:0 a.m. · 5 views

The vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher integration platforms are related to authentication procedures that lack sufficient safeguards. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher programming integration platforms are related to deficiencies in authentication procedures. Exploiting these vulnerabilities can allow attackers to compromise the confidentiality,...

CVSS 6.4 · AI score 5.5 · EPSS 0.00208
Exploits: 0 · References: 4 · Affected Software: 4