Lucene search
K

178 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.10 views

CVE-2026-44743

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS5.5AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 1:16 a.m.19 views

CVE-2026-24315

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 12:20 a.m.37 views

CVE-2026-44743

CVE-2026-44743 involves SAP Business Objects. Under certain conditions, an unauthorized actor accessing a specific endpoint can leak sensitive information. Impact is described as LOW for confidentiality, with no impact on integrity or availability. The CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C...

3.7CVSS5.5AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 12:20 a.m.13 views

EUVD-2026-35280

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS5.5AI score0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/09 12:20 a.m.8 views

CVE-2026-44743

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS5.5AI score0.00188EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 12:20 a.m.8 views

CVE-2026-44743 Security Misconfiguration vulnerability in SAP Business Objects

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS5.5AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 12:19 a.m.36 views

CVE-2026-24315 Path Traversal Vulnerability in SAP Fiori (launchpad)

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2CVSS0.00174EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-27680

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

4.3CVSS5.5AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34258

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.5AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-27672

The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...

4.3CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.12 views

CVE-2026-27683

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

4.1CVSS5.5AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 5:24 p.m.37 views

CVE-2026-44749 Information Disclosure vulnerability in SAP Gateway

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

4.3CVSS0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:24 p.m.10 views

CVE-2026-44749

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

4.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/26 5:24 p.m.17 views

EUVD-2026-31933

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

4.3CVSS5.8AI score0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:33 p.m.9 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 6:33 p.m.19 views

CVE-2026-27680

CVE-2026-27680 – CSS injection in SAP NetWeaver Application Server ABAP . Improper input handling allows injecting custom CSS into web pages served by the ABAP server; when a user loads or clicks the affected page, the CSS executes. The impact is described as low for confidentiality with no impac...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 6:33 p.m.10 views

EUVD-2026-30363

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29534

Improper input validation for some IntelR QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

6.9CVSS5.7AI score0.00099EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 3:31 a.m.8 views

EUVD-2026-29368

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.8AI score0.00249EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 3:16 a.m.12 views

CVE-2026-34258

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS0.00249EPSS
Exploits0References2
Rows per page
Query Builder