45 matches found

Cvelist
added 2026/05/12 2:20 a.m. | 34 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

CVSS 4.3 | EPSS 0.00255
Exploits: 0 | References: 2

CVE
added 2026/05/12 2:20 a.m. | 16 views

CVE-2026-40129

The vulnerability CVE-2026-40129 affects SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. A code injection flaw allows an authenticated attacker to submit specially crafted inputs that, if processed, can be delivered to channel subscribers and execute code on behalf of other users...

CVSS 4.3 | AI score 6.3 | EPSS 0.00255
Exploits: 0 | References: 2

CNNVD
added 2026/02/10 12:0 a.m. | 5 views

SAP ABAP Platform Security Vulnerability

SAP ABAP Platform is an ABAP-based SAP solution developed by the German company SAP. There is a security vulnerability in SAP ABAP Platform, which stems from the unauthorized activation of functional modules that fail to perform necessary authorization checks on verified users. This vulnerability...

CVSS 5 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 3

CNNVD
added 2026/02/10 12:0 a.m. | 3 views

SAP AS ABAP and SAP NetWeaver ABAP Platform Data Forgery Vulnerability

SAP AS ABAP and SAP NetWeaver ABAP Platform are both products of the German company SAP. SAP AS ABAP is a development tool for SAP software. SAP NetWeaver ABAP Platform is an integrated technology platform. Both SAP AS ABAP and SAP NetWeaver ABAP Platform have vulnerabilities related to data...

CVSS 8.8 | AI score 5.8 | EPSS 0.00299
Exploits: 1 | References: 2

RedhatCVE
added 2026/01/14 1:22 a.m. | 6 views

CVE-2026-0507

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables...

CVSS 8.4 | AI score 7.3 | EPSS 0.00878
Exploits: 0 | References: 1

Cvelist
added 2026/01/13 1:15 a.m. | 25 views

CVE-2026-0507 OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables...

CVSS 8.4 | EPSS 0.00878
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/15 4:43 p.m. | 3 views

CVE-2025-42901

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVSS 5.4 | AI score 6.6 | EPSS 0.00206
Exploits: 0 | References: 1

CVE
added 2025/10/14 12:17 a.m. | 14 views

CVE-2025-42901

CVE-2025-42901 affects SAP Application Server for ABAP (BAPI Explorer) where an authenticated attacker can store malicious JavaScript payloads that execute in the victim’s browser. Impact is described as low for confidentiality and integrity, with no availability impact. Root cause involves store...

CVSS 5.4 | AI score 6.2 | EPSS 0.00206
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/14 12:17 a.m. | 2 views

CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVSS 5.4 | AI score 6.2 | EPSS 0.00206
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-4182

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01812
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-25092

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 4.8 | EPSS 0.00393
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-27677

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.8 | EPSS 0.00734
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-29555

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 5.4 | EPSS 0.00546
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/15 12:0 a.m. | 5 views

SAP NetWeaver AS ABAP Multiple Vulnerabilities (August 2025)

The remote SAP NetWeaver ABAP server may be affected by multiple vulnerabilities. - The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in t...

CVSS 6.1 | AI score 5.3 | EPSS 0.00205
Exploits: 0 | References: 5

CNNVD
added 2025/07/08 12:0 a.m. | 3 views

SAP NetWeaver Application Server ABAP and SAP ABAP Platform Cross-Site Scripting Vulnerability

SAP ABAP Platform and SAP NetWeaver Application Server ABAP are both products of SAP, Germany. SAP ABAP Platform is an ABAP-based SAP solution. SAP NetWeaver Application Server ABAP is a platform for running and developing applications based on the ABAP language. A...

CVSS 6.1 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 9:58 a.m. | 6 views

CVE-2024-27900

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner...

CVSS 5.3 | AI score 6.8 | EPSS 0.00393
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:10 p.m. | 9 views

CVE-2021-40501

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker...

CVSS 8.1 | AI score 7 | EPSS 0.00734
Exploits: 0

NVD
added 2025/02/11 1:15 a.m. | 8 views

CVE-2025-24872

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...

CVSS 4.3 | EPSS 0.00239
Exploits: 0 | References: 2

CVE
added 2025/02/11 12:37 a.m. | 56 views

CVE-2025-24872

CVE-2025-24872 concerns the SAP ABAP Platform, specifically the ABAP Build Framework. The authenticated attacker can gain unauthorized access to a specific transaction by invoking the add-on build functionality, allowing viewing of the transaction details. The documented impact is limited to conf...

CVSS 4.3 | AI score 4.6 | EPSS 0.00239
Exploits: 0 | References: 2

Cvelist
added 2025/02/11 12:37 a.m. | 16 views

CVE-2025-24872 Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...

CVSS 4.3 | EPSS 0.00239
Exploits: 0 | References: 2