CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

80 matches found

EUVD•added 2026/05/12 3:31 a.m.•20 views

EUVD-2026-29371

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS5.9AI score0.00466EPSS

Exploits0References3

ATTACKERKB•added 2026/05/12 2:20 a.m.•7 views

CVE-2026-34260

9.6CVSS5.9AI score0.00466EPSS

Exploits0References3

NVD•added 2026/04/14 12:16 a.m.•4 views

CVE-2026-27677

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5CVSS0.00181EPSS

Exploits0References2

EUVD•added 2026/04/14 12:7 a.m.•5 views

EUVD-2026-22150

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS

Exploits0References2

CNNVD•added 2026/01/13 12:0 a.m.•5 views

SAP Wily Introscope Enterprise Manager 代码注入漏洞

SAP Wily Introscope Enterprise Manager is an application performance management component from SAP, Germany. A code injection vulnerability exists in SAP Wily Introscope Enterprise Manager, which stems from the use of a vulnerable third-party component, and could allow an unauthenticated attacker...

9.6CVSS6.2AI score0.00351EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:40 a.m.•7 views

CVE-2022-35224

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...

6.1CVSS6AI score0.00552EPSS

Exploits0References1

Cvelist•added 2025/12/09 2:15 a.m.•28 views

CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

5.5CVSS0.00259EPSS

Exploits0References2

CVE•added 2025/12/09 2:15 a.m.•9 views

CVE-2025-42891

CVE-2025-42891 involves a missing authorization check in SAP Enterprise Search for ABAP, enabling a high-privilege attacker to read/export database tables into an ABAP report. Affected component: SAP Enterprise Search for ABAP. Root cause: insufficient authorization checks. Impact (per sources): ...

5.5CVSS6AI score0.00259EPSS

Exploits0References2

Vulnrichment•added 2025/12/09 2:15 a.m.•3 views

CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

5.5CVSS6AI score0.00259EPSS

Exploits0References2

CNNVD•added 2025/12/09 12:0 a.m.•1 views

SAP S/4 HANA 安全漏洞

SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, a German company. A security vulnerability exists in SAP S/4 HANA Private Cloud that stems from a lack of authorization checks and could lead to cross-company code reading sensitive data and modifying document...

7.1CVSS6.6AI score0.00255EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-2347

Malware in sbrugna...

6.1CVSS6.3AI score0.01274EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-14274

Malware in sbrugna...

5.5CVSS4.8AI score0.00857EPSS

Exploits0References4