54720 matches found
CVE-2026-23689
CVE-2026-23689 involves an authenticated attacker with regular user privileges who can access the network to trigger a remote-enabled function module using an excessively large loop-control parameter. This leads to prolonged loop execution and uncontrolled resource consumption, resulting in a den...
CVE-2026-23689 Denial of service (DOS) in SAP Supply Chain Management
Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...
CVE-2026-23681 Missing Authorization check in a function module in SAP Support Tools Plug-In
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-0486
In ABAP-based SAP systems, a remote-enabled function module lacks necessary authorization checks for an authenticated user, leading to disclosure of system information. Root cause: missing authorization validation in the module. Impact: confidentiality low; integrity and availability not affected...
CVE-2026-0486 Missing Authorization Check in ABAP based SAP systems
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information. This has low impact on confidentiality. Integrity and availability are not impacted...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via improper normalization of URL paths in the rules. An attacker can gain unauthorized access to restricted files and perform unauthorized modifications by crafting requests with multiple leading slashes in the...
PT-2026-7216
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An authenticated attacker with standard user privileges and network access can cause a denial-of-service condition by repeatedly calling a remotely enabled function module with a very large...
PT-2026-7301
Name of the Vulnerable Software and Affected Versions: TDX Module versions prior to tdx1.5. Description: A race condition exists within the hypervisor in Ring 0 for some TDX Module versions prior to tdx1.5, potentially leading to a denial of service. An authorized adversary with privileged user...
PT-2026-7210
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
PT-2026-7221
Name of the Vulnerable Software and Affected Versions: SAP Solution Tools Plug-In (affected versions not specified). Description: The SAP Solution Tools Plug-In ST-PI includes a function module lacking proper authorization checks for authenticated users, potentially leading to the disclosure of...
PT-2026-7202
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information. This has low impact on confidentiality. Integrity and availability are not impacted...
PT-2026-7287
Name of the Vulnerable Software and Affected Versions: TDX Module (affected versions not specified). Description: An issue exists in the firmware of the TDX Module related to improper buffer restrictions. A system software adversary with privileged user access and a high complexity attack may be able ...
PT-2026-7308
Name of the Vulnerable Software and Affected Versions: TDX Module versions prior to tdx1.5. Description: A flaw exists in some TDX Module versions before tdx1.5 within Ring 0, potentially leading to information disclosure. An authorized adversary with privileged user access and a high complexity...
CASL Ability contains a prototype pollution vulnerability
Overview: A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields function in the extra module. The program’s library contains a method called setByPath that does not properly sanitize property names, allowing attackers to add...
CVE-2025-15315
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server...
CVE-2025-15315 Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server...
CVE-2025-15315
Technical details about CVE-2025-15315 (affected Tanium product, vulnerable component, root cause, versions, exploitability) are not publicly provided in the supplied documents. Monitor for updates from Tanium and official disclosures.