70 matches found
CVE-2026-27674
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...
EUVD-2026-22146
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
PT-2026-32554
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
SAP NetWeaver AS Java CRLF Injection (3673213)
The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a CRLF injection vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server Java is affected by a CRLF injection vulnerability. An attacker could exploit...
CVE-2026-23686
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
SAP NetWeaver Command Injection (January 2026)
The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by a server-side request forgery (SSRF) vulnerability as disclosed in the SAP Security Patch Day January 2026: - Due to an OS Command Injection vulnerability in SAP...
CVE-2026-0510
The CVE-2026-0510 entry concerns SAP NetWeaver Application Server for Java (NW AS Java) where the User Management Engine (UME) uses an obsolete cryptographic algorithm to encrypt User Mapping data. The documented impact is low confidentiality risk with no integrity/availability impact. Affected c...
CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...
CVE-2025-42919
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access...
SAP NetWeaver AS Java Insecure Deserialization (October 2025)
The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an insecure deserialization vulnerability as disclosed in the SAP Security Patch Day October 2025: - Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could explo...
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a...
EUVD-2017-3078
Malware in sbrugna...
EUVD-2025-27201
Malicious code in bioql PyPI...
EUVD-2024-42534
Malicious code in bioql PyPI...
CVE-2025-42926
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...
CVE-2025-42926 Missing Authentication check in SAP NetWeaver Application Server Java
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...
CVE-2025-42925 Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...
CVE-2025-42922 Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file, when executed, can lead to a full compromise of confidentiality, integrity and availability of the system...