67 matches found
CVE-2026-40136
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality and integrity ...
SAP S/4HANA Condition Maintenance Security Vulnerability
SAP S/4HANA Condition Maintenance is a conditional maintenance function module developed by SAP, a German company, dedicated to enterprise sales, procurement, and pricing rule management. There is a security vulnerability in SAP S/4HANA Condition Maintenance. This vulnerability stems from the lac...
CVE-2026-27674
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
EUVD-2026-22170
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...
PT-2026-32568
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...
CVE-2026-23683 Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality; integrity and availability are not impacted...
CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification, allowing an attacker to reuse authorization tokens, violating secure authentication practices and causing low impact on Confidentiality, Integrity and Availability of the...
SAP Solution Manager Code Injection Vulnerability
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...
CVE-2025-42899
CVE-2025-42899 affects SAP S4CORE (Manage journal entries). The authenticated user can exploit missing authorization checks to escalate privileges within the application. The described impact is limited to confidentiality (low) with no noted impact on integrity or availability. According to the p...
SAP GUI for Windows Security Vulnerability
SAP GUI for Windows is graphical interface software for Windows from SAP, Germany. A security vulnerability exists in SAP GUI for Windows that originates from a user with elevated privileges being able to locally access sensitive information in the process memory at runtime, potentially resulting in...
PT-2025-43742
CVE-2025-62828 - SAP SQL Injection. CVE ID: CVE-2025-62828. Published: Oct. 24, 2025, 3:15 a.m. Description: Rejected reason: Not used. Severity: 0.0 | NA...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
CVE-2025-50067
CVE-2025-50067 affects Oracle Application Express, specifically the Strategic Planner Starter App. Affected versions are 24.2.4 and 24.2.5. An attacker with network access over HTTP and low privileges can exploit via social interaction to take over the Oracle APEX instance. The CVSS base score is...
SAP S/4HANA Security Vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that originates from remote code execution and could lead to complete control of the system...
MINI-5CFG-93WC-Q6XJ
Bulletin has no description...
CVE-2015-7731
SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830...
CVE-2025-30708
Oracle E-Business Suite vulnerability CVE-2025-30708 affects Oracle User Management (component: Search and Register Users) in 12.2.4–12.2.14. Multiple sources in connected documents confirm an unauthenticated, network-accessible exposure via HTTP that can lead to unauthorized access to sensitive ...
SAP Web Dispatcher and SAP Internet Communication Manager Log Information Disclosure Vulnerability
SAP Web Dispatcher and SAP Internet Communication Manager (SAP ICM) are both products of SAP, Germany. SAP Web Dispatcher is a core load-balancing component, which supports load balancing and provides reverse proxy functionality to enable external users to access internal applications. SAP...
CVE-2025-21568
...
SAP GUI Security Vulnerability
SAP GUI is the graphical user interface application for SAP systems from SAP, a German company. A security vulnerability exists in SAP GUI for Windows that stems from storing user input on the client PC to improve usability, and an attacker is able to read this data...