3172 matches found
CVE-2026-58558
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-44664
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58553
CVE-2026-58553 is described as an out-of-bounds read in the image codec module with potential impact to service confidentiality. Metrics show CVSSv3.1: Local attack vector, Low attack complexity, No privileges required, No user interaction, Confidentiality impact None, Integrity impact None, Avai...
CVE-2026-58552
CVE-2026-58552 describes an out-of-bounds read in the image codec module. The CVSS v3.1 base score is 5.1 (MEDIUM); attack vector: LOCAL , no privileges required, no user interaction. Impacts: confidentiality and availability may be affected; integrity: NONE . The connected documents provide no c...
CVE-2026-58552
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58551
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58550
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58549
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
Leantime < 2.4 - Authenticated SQL Injection
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
CVE-2026-44770
SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...
CVE-2026-44761
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...
CVE-2026-44753
SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...
CVE-2026-0487
SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...
CVE-2026-44771 Missing Authorization check in SAP S/4HANA (Draft operation)
SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...
EUVD-2026-43595
SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...
CVE-2026-44770 Missing Authorization check in SAP S/4 HANA (Create Single Payment)
SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...
EUVD-2026-43594
SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...
CVE-2026-44769
CVE-2026-44769 affects SAP S/4HANA Project Management (PPM-PRO). The connected documents describe a vulnerability where an attacker with high privileges can induce crafted database queries, resulting in exposure of the backend database. The impact is specified as low for confidentiality (C:H) wit...
EUVD-2026-43593
SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...
EUVD-2026-43588
SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...