36953 matches found

CVE
added 2026/01/13 1:15 a.m., 12 views

CVE-2026-0511

The CVE-2026-0511 issue affects SAP Fiori App Intercompany Balance Reconciliation. The vulnerability is due to missing authorization checks for an authenticated user, enabling privilege escalation. Impact is high on confidentiality and integrity; availability is not affected. The issue is corrobo...

CVSS 8.1, AI score 6.7, EPSS 0.0026
Exploits 0, References 2

Cvelist
added 2026/01/13 1:14 a.m., 27 views

CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

CVSS 8.1, EPSS 0.00228
Exploits 0, References 2

CVE
added 2026/01/13 1:14 a.m., 17 views

CVE-2026-0506

The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...

CVSS 8.1, AI score 6.6, EPSS 0.00228
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/01/13 1:14 a.m., 26 views

CVE-2026-0504 Insufficient Input Handling in JNDI Operations of SAP Identity Management

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification...

CVSS 3.8, EPSS 0.00171
Exploits 0, References 2

Vulnrichment
added 2026/01/13 1:14 a.m., 3 views

CVE-2026-0501 SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials – General Ledger)

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise Financials General Ledger, an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of...

CVSS 9.9, AI score 6.8, EPSS 0.00414
Exploits 0, References 2

Cvelist
added 2026/01/13 1:14 a.m., 26 views

CVE-2026-0501 SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials – General Ledger)

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise Financials General Ledger, an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of...

CVSS 9.9, EPSS 0.00414
Exploits 0, References 2

CVE
added 2026/01/13 1:13 a.m., 18 views

CVE-2026-0493

CVE-2026-0493 describes a Cross-Site Request Forgery in the SAP Fiori App Intercompany Balance Reconciliation. The issue could allow an attacker to trigger state-changing actions on behalf of an authenticated user by using an inappropriate request type, with low impact on integrity and no impact ...

CVSS 4.3, AI score 6.5, EPSS 0.0011
Exploits 0, References 2

Redos
added 2026/01/13 12:0 a.m., 4 views

ROS-20260113-7323

A vulnerability in the dosysremapfilepages function of the mm/mmap.c module of the Linux kernel is related to permission handling errors. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information...

CVSS 7.8, AI score 6.3, EPSS 0.00283
Exploits 0

Redos
added 2026/01/13 12:0 a.m., 5 views

ROS-20260113-7316

Vulnerability of astudcgetstatus function in drivers/usb/gadget/udc/aspeedudc.c module of usb gadget driver of Linux kernel is related to incorrect index calculation. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected...

CVSS 7.8, AI score 6.5, EPSS 0.00247
Exploits 0

Vulnrichment
added 2026/01/13 12:0 a.m., 2 views

CVE-2025-69991

phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in checkavailablity.php...

AI score 7.6, EPSS 0.00393
Exploits 1, References 1

Redos
added 2026/01/13 12:0 a.m., 4 views

ROS-20260113-7387

A vulnerability in the bfqchoosereq function of the block/bfq-iosched.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information...

CVSS 7.8, AI score 6.4, EPSS 0.00233
Exploits 0

Redos
added 2026/01/13 12:0 a.m., 4 views

ROS-20260113-7361

A vulnerability in the scosocktimeout function in the net/bluetooth/sco.c module of the Bluetooth protocol implementation of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and...

CVSS 7.8, AI score 6.4, EPSS 0.00232
Exploits 0

Redos
added 2026/01/13 12:0 a.m., 5 views

ROS-20260113-7345

A vulnerability in the ext4fillsuper function in the fs/ext4/super.c module of the ext4 file system of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected...

CVSS 7.8, AI score 6.6, EPSS 0.00271
Exploits 0

Redos
added 2026/01/13 12:0 a.m., 4 views

ROS-20260113-7352

A vulnerability in the decryptrawdata function in the fs/smb/client/smb2ops.c module of the SMB subsystem of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of...

CVSS 7.8, AI score 6.5, EPSS 0.00231
Exploits 0

Redos
added 2026/01/13 12:0 a.m., 5 views

ROS-20260113-7357

A vulnerability in the prepareuprobebuffer function of the kernel/trace/traceuprobe.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected informati...

CVSS 7.8, AI score 6.4, EPSS 0.00233
Exploits 0

Redos
added 2026/01/13 12:0 a.m., 3 views

ROS-20260113-7358

A vulnerability in the gsmcleanupmux function in the drivers/tty/ngsm.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information...

CVSS 7.8, AI score 6.6, EPSS 0.00258
Exploits 0

Redos
added 2026/01/13 12:0 a.m., 5 views

ROS-20260113-7347

A vulnerability in the linkdestruct function in the drivers/gpu/drm/amd/display/dc/link/linkfactory.c module of the amdgpu driver of the Linux kernel is related to the re-release of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentiality,...

CVSS 7.8, AI score 6.5, EPSS 0.00247
Exploits 0

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2351

Name of the Vulnerable Software and Affected Versions versions prior to 2025-41717 Description An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of...

CVSS 8.8, AI score 7, EPSS 0.00496
Exploits 0, References 9

OSV
added 2026/01/13 12:0 a.m., 3 views

OPENSUSE-SU-2026:10038-1 fluidsynth-2.5.2-2.1 on GA media

These are all security issues fixed in the fluidsynth-2.5.2-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 5.8, EPSS 0.00414
Exploits 1, References 1

OSV
added 2026/01/13 12:0 a.m., 1 views

OPENSUSE-SU-2026:10044-1 python311-pypdf-6.6.0-1.1 on GA media

These are all security issues fixed in the python311-pypdf-6.6.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.9, AI score 5.8, EPSS 0.00391
Exploits 0, References 1