149 matches found
CVE-2021-27619
SAP Commerce Backoffice Search, versions 1808, 1811, 1905, 2005, 2011, allows a low-privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...
CVE-2024-41733
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...
CVE-2024-41735
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application...
CVE-2021-27602
The SAP Commerce Backoffice application, versions 1808, 1811, 1905, 2005, 2011, allows certain authorized users to create source rules which are translated to Drools rules when published to certain modules within the application. An attacker with this authorization can inject malicious code in the...
CVE-2024-39597
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as an isolated site, this ca...
EUVD-2018-14360
Malware in sbrugna...
EUVD-2020-27351
Malware in sbrugna...
EUVD-2020-27382
Malware in sbrugna...
EUVD-2020-27414
Malware in sbrugna...
EUVD-2020-27350
Malware in sbrugna...
EUVD-2021-14366
Malware in sbrugna...
EUVD-2023-41373
Malicious code in bioql PyPI...
EUVD-2024-41410
Malicious code in bioql PyPI...
EUVD-2024-39178
Malicious code in bioql PyPI...
EUVD-2021-27678
Malicious code in bioql PyPI...
EUVD-2025-10102
Malicious code in bioql PyPI...
EUVD-2025-7779
Malicious code in bioql PyPI...
EUVD-2025-3969
Malicious code in bioql PyPI...
CVE-2024-45278
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
CVE-2022-41204
An attacker can change the content of an SAP Commerce (versions 1905, 2005, 2105, 2011, 2205) login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack...