CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/26 12:0 a.m.•5 views

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 环境问题漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain environmental issues, which stem from vulnerabilities that can be exploited by HTTP request payload attacks...

7.5CVSS5.8AI score0.00068EPSS

CNNVD•added 2026/05/26 12:0 a.m.•6 views

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty 代码注入漏洞

IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain a code injection vulnerability that can be exploited by remote code execution attacks...

9.8CVSS6.4AI score0.0026EPSS

Tenable Nessus•added 2026/05/26 12:0 a.m.•12 views

IBM WebSphere Application Server 8.5.x / 9.x RCE (7274072)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274072 advisory. - IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and...

9.8CVSS6.5AI score0.0026EPSS

GithubExploit•added 2026/05/23 6:27 p.m.•44 views

icg-hackathon-api-server-exploits

No d...

5.8AI score

Exploits0

Tenable Nessus•added 2026/05/20 12:0 a.m.•6 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 / Liberty 19.0.0.7 < 26.0.0.6 DoS (7273424)

The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7273424 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a...

7.5CVSS5.8AI score0.00121EPSS

Tenable Nessus•added 2026/05/15 12:0 a.m.•7 views

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...

4.3CVSS6AI score0.00016EPSS

Tenable Nessus•added 2026/05/15 12:0 a.m.•7 views

SAP NetWeaver AS ABAP Reflected XSS (3728690)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a reflected cross-site scripting XSS vulnerability as referenced in SAP Security Note 3728690: - A reflected cross-site scripting XSS vulnerability exists in SAP NetWeaver Application Server ABAP Applications based on...

6.1CVSS5.9AI score0.00019EPSS

CVE•added 2026/05/14 6:33 p.m.•11 views

CVE-2026-27680

CVE-2026-27680 – CSS injection in SAP NetWeaver Application Server ABAP . Improper input handling allows injecting custom CSS into web pages served by the ABAP server; when a user loads or clicks the affected page, the CSS executes. The impact is described as low for confidentiality with no impac...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/05/14 12:0 a.m.•6 views

SAP NetWeaver Application Server ABAP 安全漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a security vulnerability in SAP NetWeaver Application Server ABAP, which arises from improper handling of inputs under certai...

3.1CVSS5.8AI score0.00032EPSS

EUVD•added 2026/05/12 3:31 a.m.•4 views

EUVD-2026-29361

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

NVD•added 2026/05/12 3:16 a.m.•8 views

CVE-2026-40129

4.3CVSS0.00016EPSS

Cvelist•added 2026/05/12 2:21 a.m.•36 views

CVE-2026-40135 OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS0.00129EPSS

Vulnrichment•added 2026/05/12 2:20 a.m.•5 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

ATTACKERKB•added 2026/05/12 2:20 a.m.•3 views

CVE-2026-40129

Positive Technologies•added 2026/05/12 12:0 a.m.•21 views

PT-2026-39928

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description An OS Command Injection issue allows an authenticated attacker with administrative access to execute specially crafted shell commands on th...

6.5CVSS6AI score0.00129EPSS

Exploits0References7

Positive Technologies•added 2026/05/12 12:0 a.m.•27 views

PT-2026-39923

CNNVD•added 2026/05/12 12:0 a.m.•5 views

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, and...

9.8CVSS5.8AI score0.00073EPSS