CVE-2026-27671

Technical details about CVE-2026-27671 are not publicly available in the provided documents. Monitor for updates from SAP/security advisories.

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may lead to the reading,...

CVE-2023-25615

Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead t...

CVE-2023-45824

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

PT-2025-41836

Name of the Vulnerable Software and Affected Versions SAP Application Server for ABAP affected versions not specified Description An authenticated attacker can store malicious JavaScript payloads. These payloads could be executed in a victim user's browser when accessing the affected functionalit...

EUVD-2020-4222

Malware in sbrugna...

EUVD-2019-4690

Malware in sbrugna...

EUVD-2008-7191

Malware in sbrugna...

EUVD-2024-34461

Malicious code in bioql PyPI...

EUVD-2024-1018

Malicious code in bioql PyPI...

CVE-2025-42918 Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

CVE-2025-42948 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform

Due to a Cross-Site Scripting XSS vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resultin...

CVE-2025-33069

Improper verification of cryptographic signature in App Control for Business WDAC allows an unauthorized attacker to bypass a security feature locally...

CVE-2020-11882

The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly...

CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...

X2CRM Cross-Site Scripting Vulnerability

X2CRM is a next generation open source social selling application for small and medium sized businesses. A cross-site scripting vulnerability exists in X2CRM. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited to...

JVN#65171386: Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR

ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below. Path Traversal CWE-36 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6 CVE-2024-33620 Missing Authentication CWE-306...

CVE-2023-48296

OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...

CVE-2023-45824

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID

OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...