CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

Cvelist•added 2026/05/12 2:23 a.m.•34 views

CVE-2026-40137 Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

6.1CVSS0.00026EPSS

Exploits0References2

EUVD•added 2026/04/14 12:8 a.m.•3 views

EUVD-2026-22168

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the...

6.1CVSS5.8AI score0.00056EPSS

Exploits0References2

CVE•added 2026/04/14 12:7 a.m.•4 views

CVE-2026-27679

CVE-2026-27679 affects the SAP S/4HANA frontend OData Service (Manage Reference Structures). Missing authorization checks allow an attacker to update and delete child entities via exposed OData services, impacting integrity (I: High) with no confidentiality or availability impact stated. CVSS v3....

6.5CVSS5.8AI score0.00045EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/03/13 12:0 a.m.•1 views

SAP NetWeaver AS ABAP SSRF (3689080)

The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a server-side request forgery SSRF vulnerability as referenced in the SAP Security Patch Day March 2026: - SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, whic...

6.4CVSS5.9AI score0.00037EPSS

Exploits0References3

ATTACKERKB•added 2026/02/26 2:49 a.m.•2 views

CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

6.5CVSS5.3AI score0.0004EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/02/19 1:27 a.m.•2 views

CVE-2025-62183

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...

4.8CVSS5.5AI score0.00065EPSS

Exploits0References1

OSV•added 2026/02/10 4:16 a.m.•0 views

CVE-2026-0505

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...

6.1CVSS5.8AI score

Exploits0References2

CVE•added 2026/02/10 3:1 a.m.•6 views

CVE-2026-0505

CVE-2026-0505 affects BSP applications where unauthenticated users can manipulate user-controlled URL parameters that are not sufficiently validated, resulting in unvalidated redirects to attacker-controlled websites. Root cause: insufficient validation of URL parameters. Impact per provided metr...

6.1CVSS5.6AI score0.00034EPSS

Exploits0References2Affected Software3

RedhatCVE•added 2026/02/03 2:7 p.m.•2 views

CVE-2025-61634

A flaw was found in MediaWiki, associated with the includes/Rest/Handler/PageHTMLHandler.Php program file, which is involved in page handling. This vulnerability could potentially be exploited by a remote attacker without requiring special privileges, but it does necessitate user interaction. Bas...

3.1CVSS5.2AI score0.00009EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 8:51 a.m.•3 views

CVE-2021-2210

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: Quotes. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...

8.2CVSS7.3AI score0.01691EPSS

Exploits0References1

Tenable Nessus•added 2025/12/11 12:0 a.m.•3 views

SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...

5.4CVSS5.6AI score0.00039EPSS

Exploits0References3

NVD•added 2025/11/11 5:15 p.m.•1 views

CVE-2025-24918

Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...

6.7CVSS0.00015EPSS

Exploits0References1

Cvelist•added 2025/11/11 4:50 p.m.•4 views

CVE-2025-24848

Protection mechanism failure for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This...

6.3CVSS0.00013EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2012-1739

Malware in sbrugna...

4.3CVSS6.4AI score0.00524EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-39582