14 matches found
CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...
CVE-2026-0502 Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...
PT-2026-24158
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP affected versions not specified Description The software includes an ABAP Report designed for testing that enables sending HTTP requests to any internal or external endpoint. This functionality is...
K000159578: ImageMagick vulnerability CVE-2025-68618
Security Advisory Description ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue. CVE-2025-68618 Impact There is no impact; F...
CVE-2026-0493
CVE-2026-0493 describes a Cross-Site Request Forgery in the SAP Fiori App Intercompany Balance Reconciliation. The issue could allow an attacker to trigger state-changing actions on behalf of an authenticated user by using an inappropriate request type, with low impact on integrity and no impact ...
K000158972: Linux kernel (nilfs) vulnerability CVE-2022-50367
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode return...
CVE-2025-42893 Open Redirect vulnerability in SAP Business Connector
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...
PT-2025-39106
Name of the Vulnerable Software and Affected Versions SAP BI Platform affected versions not specified Description An attacker can modify the IP address within the LogonToken associated with OpenDoc. Accessing the modified link in a web browser may redirect a ping request to a different server. Th...
CVE-2025-42942
SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could...
CVE-2025-42945 HTML Injection vulnerability in SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
PT-2025-32607 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Bank Communication Management affected versions not specified Description: A directory traversal issue exists in SAP S/4HANA Bank Communication Management. An attacker with elevated privileges and access to a specific transaction...
SUSE CVE-2021-43396
In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor states "t...
UBUNTU-CVE-2019-18678
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...
BELL-CVE-2012-5374 CVE-2012-5374 does not affect BellSoft software
Bulletin has no description...