CVE-2026-34256
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...
EUVD-2026-22166
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...
CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...
CVE-2026-34256
CVE-2026-34256 affects SAP ERP and SAP S/4HANA (Private Cloud and On-Premise). The issue arises from a missing authorization check that allows an authenticated actor with low privileges to run a specific ABAP report and overwrite an existing eight-character executable ABAP report without authoriz...
CVE-2026-27672
CVE-2026-27672 affects the Material Master application. The issue is that authenticated users can execute reports without proper authorization checks, leading to disclosure of sensitive information. According to the sources, impact on confidentiality is low; integrity and availability are not aff...
EUVD-2026-22142
The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...
CVE-2026-27672
The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...
SAP Material Master Security Vulnerability
SAP Material Master is a corporate materials data management and maintenance system developed by the German company SAP. There is a security vulnerability in SAP Material Master; this vulnerability arises from the lack of mandatory authorization checks during report execution, which may lead to t...
PT-2026-32566
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...
PT-2026-32552
The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...
EUVD-2026-21988
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30806
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...
CVE-2025-63743
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...
CVE-2026-30806 OS Command Injection in Network Report leads to Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30806
The CVE-2026-30806 entry affects Pandora FMS versions 777–800 and involves Improper Neutralization of Special Elements used in an OS Command vulnerability, enabling OS command injection via the Network Report. The CVE list describes this as leading to Remote Code Execution. No further technical s...
`pretty-changelog-logger` was removed from crates.io for malicious code
pretty-changelog-logger contains a build script build.rs that acts as a loader/dropper for malicious payloads. The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecti...
CVE-2026-6179 Stored Cross Site Scripting in NightWolf Penetration Testing Platform
Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows an attacker to trigger and run a malicious script in the user's browser...