CLEANSTART-2026-DI23929 Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086 applied in versions: 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 
7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0
Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2023-26461
SAP NetWeaver (SAP Enterprise Portal), version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser and submit a crafted XML file which, when parsed, will enable them to access but not modify sensitive files and data. It allows the attacker to view...
SAP NetWeaver AS Cross-Site Scripting Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS for Java version 7.50, which stems from incorrect validation and encoding of incoming...
PT-2024-4514 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions 7.50. Description: The issue is related to the incorrect restriction of XML links to external objects in the Guided Procedures component of SAP NetWeaver AS for Java. This can be exploited by a remote attacker...
CVE-2023-42477
SAP NetWeaver AS Java GRMG Heartbeat application - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application...
CVE-2023-41367
Due to a missing authentication check in a webdynpro application, an unauthorized user in SAP NetWeaver Guided Procedures - version 7.50, can gain access to the admin view of a specific function anonymously. On successful exploitation of the vulnerability under specific circumstances, an attacker can view user’s...
CVE-2023-27268
SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...
SAP NetWeaver Application Server Java Access Control Error Vulnerability
SAP NetWeaver AS Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. An access control error vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from the fact that ...
SAP NetWeaver AS Access Control Error Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but is also the basic platform for SAP software. An access control error vulnerability exists in the Java-based SAP NetWeaver AS version 7.50, which stems from improper access control, and can be...
SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability
SAP NetWeaver Enterprise Portal is a web front-end component for SAP NetWeaver from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal KMC version 7.50, which stems from insufficient control over user input, resulting in a cross-site scripting vulnerabilit...
PT-2022-22697 · Sap · Sap Netweaver Enterprise Portal
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal KMC version 7.50. Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting vulnerability. The KMC servlet is vulnerable to XSS attacks, which could...
drools Code Issue Vulnerability
drools is an open source business rules management system from KIE: an open source rules engine, DMN engine and Complex Event Processing (CEP) engine for Java and JVM platforms. A security vulnerability exists in drools 7.59.x and earlier versions; the vulnerability stems from the Validator class in...
CVE-2022-26103
Under certain conditions, SAP NetWeaver Real Time Messaging Framework - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks...
Maharashtra State Electricity Distribution Mahavitaran Code Issue Vulnerability
Maharashtra State Electricity Distribution Mahavitaran is an official application of Maharashtra State Electricity Distribution, India. A security vulnerability exists in the Mahavitaran android application version 7.50 and earlier, which stems from improper OTP authentication subject to account...
Maharashtra State Electricity Distribution Maharashtra State Electricity Board Android Application Information Disclosure Vulnerability
Maharashtra State Electricity Distribution Maharashtra State Electricity Board Android Application is an official consumer-oriented application of Maharashtra State Electricity Distribution of India. A...
SAP NetWeaver Security Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver Guided Procedures that stems from a lack of authorization check...
SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal Fiori Framework Page versions 7.5...
CVE-2019-0298
SAP E-Commerce Business-to-Consumer application does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. Fixed in the following components: SAP-CRMJAV, SAP-CRMWEB, SAP-SHRWEB, SAP-SHRJAV, SAP-CRMAPP, SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54...
CVE-2017-9638
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash...
Gemalto HASP SRM, Sentinel HASP and Sentinel LDK Sentinel LDK NTLM Relay Attack Vulnerabilities
Gemalto HASP SRM and Sentinel HASP are both cryptographic lock drivers from Gemalto, U.S.A. Sentinel LDK is a license management tool. A security vulnerability exists in Gemalto HASP SRM, Sentinel HASP, and Sentinel LDK Sentinel LDK RTE versions prior to 7.55. An attacker could exploit this...