CVE-2026-34257
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, could redirect them to a page controlled by the attacker. This causes low impact on confidentiality and integrity of the...
CVE-2026-40137 Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)
SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on...
EUVD-2026-22168
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, could redirect them to a page controlled by the attacker. This causes low impact on confidentiality and integrity of the...
SAP NetWeaver AS ABAP SSRF (3689080)
The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a server-side request forgery (SSRF) vulnerability as referenced in the SAP Security Patch Day March 2026: - SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, whic...
CVE-2025-62183
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Exploitation requires an administrative user with extensive access rights; the impact on confidentiality and integrity is low...
CVE-2026-0505
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...
CVE-2026-0505
CVE-2026-0505 affects BSP applications where unauthenticated users can manipulate user-controlled URL parameters that are not sufficiently validated, resulting in unvalidated redirects to attacker-controlled websites. Root cause: insufficient validation of URL parameters. Impact per provided metr...
SAP BusinessObjects Business Intelligence Platform SSRF (December 2025)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a server-side request forgery vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote...
EUVD-2025-4093
Malicious code in bioql PyPI...
EUVD-2024-42812
Malicious code in bioql PyPI...
EUVD-2024-40875
Malicious code in bioql PyPI...
EUVD-2024-39582
Malicious code in bioql PyPI...
CVE-2024-44117
The RFC-enabled function module allows a low-privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...
CVE-2025-30010
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages, which allows an unauthenticated attacker to craft a malicious link which, when clicked by a victim, redirects the browser to a malicious site. On successfu...
CVE-2025-26655
SAP Just In Time (JIT) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application. Confidentiality and Availability are not impacted...
CVE-2025-23188
An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability...
CVE-2025-27433
CVE-2025-27433 affects the SAP S/4HANA Manage Bank Statements component, where an authenticated attacker can bypass certain functionality restrictions and upload files to a reversed bank statement. The available sources describe this as a low-impact vulnerability on integrity with no effect on co...
CVE-2025-26655
CVE-2025-26655 concerns SAP Just In Time (JIT) outbound components. The connected documents indicate a root cause of missing authorization checks for an authenticated user, allowing privilege escalation to restricted actions. According to the sources, the resulting impact is described as low on i...
CVE-2024-51947
ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...
CVE-2024-51944 Stored XSS in Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...