CVE-2026-27671 Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

EUVD-2026-35278

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

PT-2026-47536

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

PT-2026-47692

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability...

PT-2026-47534

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This...

CVE-2026-39170

SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcmsuser.php...

bookcars 安全漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the /api/delete-temp-license/file endpoint, where there is an arbitrary file deletion vulnerability. This could allow unauthenticated...

PT-2026-47983

Exposure of sensitive information to an unauthorized actor in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...

SAP NetWeaver Application Server ABAP 数据伪造问题漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a vulnerability in SAP NetWeaver Application Server ABAP, which allows authenticated attackers to obtain valid signed message...

CVE-2026-36723

CVE-2026-36723 affects bookcars v8.3. An unrestricted file rename vulnerability in the /api/create-user component allows authenticated attackers to exploit directory traversal to move files from temporary storage to arbitrary locations on the server filesystem, enabling unauthorized access to sen...

Adobe InDesign Desktop 代码问题漏洞

Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have code vulnerabilities. These vulnerabilities stem from null pointer dereferencing issues, which can lead to applicatio...

PT-2026-47539

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the...

PT-2026-47993

Out-of-bounds read in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...

PT-2026-47529

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified SAP ABAP Platform affected versions not specified Description Improper RFC Remote Procedure Call protocol validation in the SAP Kernel allows an unauthenticated attacker to...

Security Bulletin: Security Vulnerabilities have been identified in IBM WebSphere Application Server bundled with IBM Financial Transaction Manager v3

Summary IBM WebSphere Application Server is bundled with IBM Financial Transaction Manager v3. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability Detail...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...