13 matches found
CVE-2026-0502 Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...
PT-2026-24158
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...
K000159578: ImageMagick vulnerability CVE-2025-68618
Security Advisory Description ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue. CVE-2025-68618 Impact There is no impact; F...
CVE-2026-0493
CVE-2026-0493 describes a Cross-Site Request Forgery in the SAP Fiori App Intercompany Balance Reconciliation. The issue could allow an attacker to trigger state-changing actions on behalf of an authenticated user by using an inappropriate request type, with low impact on integrity and no impact ...
K000158972: Linux kernel (nilfs) vulnerability CVE-2022-50367
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode return...
CVE-2025-42893 Open Redirect vulnerability in SAP Business Connector
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...
PT-2025-39106
Name of the Vulnerable Software and Affected Versions SAP BI Platform affected versions not specified Description An attacker can modify the IP address within the LogonToken associated with OpenDoc. Accessing the modified link in a web browser may redirect a ping request to a different server. Th...
CVE-2025-42942
SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could...
CVE-2025-42945 HTML Injection vulnerability in SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
PT-2025-32607 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Bank Communication Management affected versions not specified Description: A directory traversal issue exists in SAP S/4HANA Bank Communication Management. An attacker with elevated privileges and access to a specific transaction...
SUSE CVE-2021-43396
In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor states "t...
UBUNTU-CVE-2019-18678
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...
BELL-CVE-2012-5374 CVE-2012-5374 does not affect BellSoft software
Bulletin has no description...