SAP NetWeaver Application Server Java Code Injection Vulnerability
SAP NetWeaver Application Server Java is an application server provided by the German company SAP, which offers a Java runtime environment. This product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a code injection vulnerability; thi...
CVE-2026-23686
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
CVE-2026-23686
CVE-2026-23686 concerns SAP NetWeaver Application Server Java. It describes a CRLF Injection vulnerability where an authenticated, admin-level attacker can submit crafted content to the application, allowing injection of untrusted entries into generated configuration and manipulation of applicati...
EUVD-2025-205508
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
Xiaozhi ESP32 Server Java Authorization Issue Vulnerability
Xiaozhi ESP32 Server Java is a Java enterprise management platform by the individual developer joey. An authorization issue vulnerability exists in Xiaozhi ESP32 Server Java 3.0.0 and earlier versions, which stems from incorrect behavior of the function tryAuthenticateWithCookies in the file...
CVE-2025-42919
CVE-2025-42919 affects the SAP NetWeaver Application Server Java. The vulnerability is an information disclosure caused by improper restriction of path components, allowing an unauthenticated attacker to access internal metadata files by crafting URLs. The impact is partial confidentiality loss; ...
SAP NetWeaver Application Server Java Path Traversal Vulnerability
SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used to develop and run Java EE applications. A path traversal vulnerability exists in SAP NetWeaver Application Server Java, which stems from the...
EUVD-2022-41864
Malicious code in bioql PyPI...
EUVD-2025-21509
Malicious code in bioql PyPI...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including in SAP NetWeaver, SAP NetWeaver Application Server Java and SAP Landscape Transformation. The vulnerabilities are in the RMI-P4 module and the SAP NetWeaver AS Java platform, among others. The vulnerability with reference CVE-2025-42944...
PT-2025-36556
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java affected versions not specified Description: SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application...
SAP NetWeaver AS Java Security Vulnerability
SAP NetWeaver AS Java is a platform system from SAP, a German company. A security vulnerability exists in SAP NetWeaver AS Java that stems from a lack of randomness and could lead to predictable identifiers...
SAP NetWeaver Application Server Java Security Vulnerability
SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used for developing and running Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java that stems from...
CVE-2023-24526
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user c...
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...
CVE-2025-3382
The CVE-2025-3382 entry concerns joey-zhou xiaozhi-esp32-server-java. It affects the update function of the /api/user/update endpoint, where manipulation of the state argument causes SQL injection. The vulnerability is exploitable remotely and is supported by public disclosures. No version details f...
CVE-2025-3382 joey-zhou xiaozhi-esp32-server-java update sql injection
A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack c...
Xiaozhi ESP32 Server Java Injection Vulnerability
Xiaozhi ESP32 Server Java is a Java enterprise management platform by the individual developer joey. Xiaozhi ESP32 Server Java suffers from an injection vulnerability that stems from improper handling of the parameter state, which can lead to SQL injection...
SAP NetWeaver Application Server Java Authorization Issues Vulnerability
SAP NetWeaver Application Server Java is an application server from SAP. An authorization issue vulnerability exists in SAP NetWeaver Application Server Java, which arises from the program not properly checking the authorization of the service endpoint. No details of the vulnerability are availab...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which can be...