Lucene search
+L

23 matches found

NVD
NVD
added 2026/06/09 1:16 a.m.13 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS0.00109EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-40136

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

4.3CVSS5.4AI score0.0029EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 a.m.24 views

EUVD-2026-29363

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:21 a.m.11 views

CVE-2026-40136

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

4.3CVSS5.8AI score0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:21 a.m.8 views

CVE-2026-40134

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/12 2:20 a.m.45 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:19 a.m.6 views

CVE-2026-0502

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

5.4CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.26 views

PT-2026-39929

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

4.3CVSS5.8AI score0.0029EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 12:16 a.m.3 views

CVE-2026-27673

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

4.9CVSS0.00158EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/04 7:5 p.m.15 views

CVE-2025-8558

Insider Threat Management ITM Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents t...

5.4CVSS6.8AI score0.00598EPSS
Exploits0References1
CVE
CVE
added 2025/11/03 6:40 p.m.26 views

CVE-2025-8558

The CVE-2025-8558 entry concerns Proofpoint’s Insider Threat Management (ITM) Server. Affected software: ITM Server versions prior to 7.17.2. Vulnerable component/condition: an authentication bypass that allows an unauthenticated adversary on an adjacent network to unregister agents when the numb...

5.4CVSS6.5AI score0.00598EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/06 1:8 p.m.8 views

CVE-2025-54087

CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and...

1.8CVSS6.4AI score0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-22141

Malicious code in bioql PyPI...

4.1CVSS5AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-30426

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00204EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-32209

Malicious code in bioql PyPI...

1.8CVSS6.6AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/02 8:15 p.m.9 views

CVE-2025-54089 Cross-site Scripting vulnerability in Secure Access prior to 14.10

CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges...

4.6CVSS0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 8:15 p.m.2 views

CVE-2025-54089 Cross-site Scripting vulnerability in Secure Access prior to 14.10

CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges...

4.6CVSS5.6AI score0.00192EPSS
Exploits0References1
CVE
CVE
added 2025/08/12 2:4 a.m.19 views

CVE-2025-42934

Context: CVE-2025-42934 affects SAP S/4HANA Supplier invoice. What’s vulnerable: CRLF injection in inputs that bypasses the allowlist, enabling injection of untrusted sites into the Trusted Sites configuration. Affects SAP S/4HANA Supplier invoice functionality; root cause described as LF-based i...

4.3CVSS7AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2023/12/12 2:15 a.m.7 views

CVE-2023-49578

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application...

3.5CVSS5.7AI score0.0027EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2023/11/02 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-22518

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data...

10CVSS7.4AI score0.99999EPSS
Exploits14References1
Rows per page
Query Builder