CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/10 4:25 p.m.•5 views

CVE-2025-27940

Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access wh...

5.6CVSS5.3AI score0.00098EPSS

CVE•added 2026/02/10 4:25 p.m.•11 views

CVE-2025-27940

CVE-2025-27940 : Out-of-bounds read affecting some TDX Module before version tdx1.5 within Ring 0: Hypervisor. The issue may allow an information disclosure under a local attack by a software side channel adversary with privileged user and high attack complexity, requiring no user interaction. Im...

5.6CVSS5.3AI score0.00098EPSS

CVE•added 2026/02/10 4:25 p.m.•10 views

CVE-2025-22885

CVE-2025-22885 concerns firmware for the TDX Module with an improper buffer restriction that may enable privilege escalation. The issue is exploitable locally by a system software adversary who already has privileged user access, under high attack complexity and with no user interaction required....

5.6CVSS5.6AI score0.00133EPSS

Cvelist•added 2026/02/10 4:25 p.m.•24 views

CVE-2025-22885

Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack...

5.6CVSS0.00133EPSS

OSV•added 2026/02/10 4:16 a.m.•1 views

CVE-2026-23689

Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...

7.7CVSS5.9AI score0.00354EPSS

OSV•added 2026/02/10 4:16 a.m.•2 views

CVE-2026-23681

Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...

4.3CVSS5.8AI score0.00168EPSS

OSV•added 2026/02/10 4:16 a.m.•2 views

CVE-2026-0486

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted...

4.3CVSS5.9AI score0.00168EPSS

NVD•added 2026/02/10 4:16 a.m.•7 views

CVE-2026-0486

5CVSS0.00168EPSS

CVE•added 2026/02/10 3:3 a.m.•9 views

CVE-2026-23689

CVE-2026-23689 involves an authenticated attacker with regular user privileges who can access the network to trigger a remote-enabled function module using an excessively large loop-control parameter. This leads to prolonged loop execution and uncontrolled resource consumption, resulting in a den...

7.7CVSS5.8AI score0.00354EPSS

Exploits0References2Affected Software2

Cvelist•added 2026/02/10 3:3 a.m.•32 views

CVE-2026-23689 Denial of service (DOS) in SAP Supply Chain Management

7.7CVSS0.00354EPSS

Cvelist•added 2026/02/10 3:2 a.m.•29 views

CVE-2026-23681 Missing Authorization check in a function module in SAP Support Tools Plug-In

4.3CVSS0.00168EPSS

CVE•added 2026/02/10 3:0 a.m.•17 views

CVE-2026-0486

In ABAP-based SAP systems, a remote-enabled function module lacks necessary authorization checks for an authenticated user, leading to disclosure of system information. Root cause: missing authorization validation in the module. Impact: confidentiality low; integrity and availability not affected...

5CVSS5.5AI score0.00168EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/10 3:0 a.m.•27 views

CVE-2026-0486 Missing Authorization Check in ABAP based SAP systems

5CVSS0.00168EPSS

Snyk•added 2026/02/10 12:25 a.m.•3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper normalization of URL paths in the rules. An attacker can gain unauthorized access to restricted files and perform unauthorized modifications by crafting requests with multiple leading slashes in the...

8.6CVSS5.6AI score0.00461EPSS

Exploits2References2

CERT•added 2026/02/10 12:0 a.m.•8 views

CASL Ability contains a prototype pollution vulnerability

Overview A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields function in the extra module. The program’s library contains a method called setByPath that does not properly sanitize property names, allowing attackers to add...

9.8CVSS6.2AI score0.00624EPSS

Positive Technologies•added 2026/02/10 12:0 a.m.•5 views

PT-2026-7301

Name of the Vulnerable Software and Affected Versions TDX Module versions prior to tdx1.5 Description A race condition exists within the hypervisor in Ring 0 for some TDX Module versions prior to tdx1.5, potentially leading to a denial of service. An authorized adversary with privileged user...

5.6CVSS5.2AI score0.00074EPSS

Positive Technologies•added 2026/02/10 12:0 a.m.•7 views

PT-2026-7210

4.3CVSS5.5AI score0.00168EPSS

Positive Technologies•added 2026/02/10 12:0 a.m.•11 views

PT-2026-7221

Name of the Vulnerable Software and Affected Versions SAP Solution Tools Plug-In affected versions not specified Description The SAP Solution Tools Plug-In ST-PI includes a function module lacking proper authorization checks for authenticated users, potentially leading to the disclosure of...

7.7CVSS5.4AI score0.00209EPSS

Exploits0References6

Positive Technologies•added 2026/02/10 12:0 a.m.•6 views

PT-2026-7202

5CVSS5.5AI score0.00168EPSS