PT-2026-24159

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's...

EUVD-2025-24211

Malicious code in bioql PyPI...

CVE-2025-42943

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...

Vulnerabilities fixed in SAP products

SAP has fixed multiple vulnerabilities in various SAP products, including NetWeaver, NetWeaver Visual Composer, SAP GUI, pcde, Business Objects, HANA and other components. The vulnerabilities include an unlimited file upload error that allows unauthenticated users to upload malicious files, which...

SAP GUI Information Disclosure Vulnerability

SAP GUI is an application from SAP, a German company. graphical user interface for SAP systems. An information disclosure vulnerability exists in SAP GUI for Windows, which arises from the fact that under certain conditions, memory contains passwords used to log on to the SAP system, which could...