CVE-2026-0486 Missing Authorization Check in ABAP based SAP systems

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted...

CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)

Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...

EUVD-2024-39582

Malicious code in bioql PyPI...

EUVD-2025-20341

Malicious code in bioql PyPI...

EUVD-2024-40872

Malicious code in bioql PyPI...

EUVD-2024-36486

Malicious code in bioql PyPI...

CVE-2025-42911

CVE-2025-42911 affects SAP NetWeaver (Service Data Download). An authenticated user can call a remote-enabled function module, potentially exposing information about the SAP system and operating system. The impact is described as low confidentiality impact, with no stated effects on integrity or ...

CVE-2025-42968

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...

CVE-2025-42968 Missing Authorization check in SAP NetWeaver (RFC enabled function module)

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...

CVE-2024-42377

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...

CVE-2025-23190

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

CVE-2024-42377

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...

CVE-2024-42377 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...

CVE-2024-42377

CVE-2024-42377 concerns the SAP Shared Service Framework. The connected documents describe that an authenticated non-administrative user can call a remote-enabled function, enabling insertion of value entries into a non-sensitive table and resulting in low integrity impact to the application. The...

CVE-2024-37180 [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...

CVE-2022-41214

CVE-2022-41214 affects SAP NetWeaver Application Server ABAP and ABAP Platform. The root cause, as described across multiple sources, is insufficient input validation that enables a user with high privileges to invoke a remote-enabled function to delete a file that would normally be restricted. S...