log4j-2.20.0-2.1 on GA media (moderate)

log4j-2.20.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10544-1 Rating: moderate Cross-References: CVE-2026-34477 CVE-2026-34479 CVE-2026-34480 CVE-2026-34481 CVSS scores: CVE-2026-34477 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2026-34479 SUSE : 5.3...

goshs-2.0.0-1.1 on GA media (moderate)

goshs-2.0.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10542-1 Rating: moderate Cross-References: CVE-2026-35392 CVE-2026-35393 CVE-2026-35471 CVE-2026-40188 CVE-2026-40189 CVSS scores: CVE-2026-40188 SUSE : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2026-40188 SUSE : 6.3...

OPENSUSE-SU-2026:10552-1 python311-3.11.15-5.1 on GA media

These are all security issues fixed in the python311-3.11.15-5.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10551-1 perl-YAML-Syck-1.440.0-1.1 on GA media

These are all security issues fixed in the perl-YAML-Syck-1.440.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10550-1 apache-pdfbox-2.0.36-1.1 on GA media

These are all security issues fixed in the apache-pdfbox-2.0.36-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-6187

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chkprodavailability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit i...

Important: Red Hat Security Advisory: Submariner v0.22 security fixes and container updates

Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVE-2026-34256

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

CVE-2026-27673

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

CVE-2026-0512

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

CVE-2026-34257 Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

EUVD-2026-22168

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

CVE-2026-34256

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

EUVD-2026-22166

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

CVE-2026-34256

CVE-2026-34256 affects SAP ERP and SAP S/4HANA (Private Cloud and On-Premise). The issue arises from a missing authorization check that allows an authenticated actor with low privileges to run a specific ABAP report and overwrite an existing eight-character executable ABAP report without authoriz...

CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

EUVD-2026-22154

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...