516 matches found
CVE-2026-14852
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 EOL allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database...
CVE-2026-14852
CVE-2026-14852 : Privilege escalation in Checkmk affecting versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 (EOL). A local unprivileged user can execute arbitrary commands as root by exploiting the mk_sap_hana agent plugin, which derives SAP HANA instance ide...
CVE-2026-14852 mk_sap_hana: Privilege escalation via crafted sapstartsrv process name
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 EOL allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database...
EUVD-2026-43652
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 EOL allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database...
CVE-2026-44753
SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...
CVE-2026-44770
Technical details for CVE-2026-44770 are not publicly provided in the supplied documents. Monitor for updates from SAP and CVE databases.
CVE-2026-44753 Information Disclosure vulnerability in SAP HANA Extended Application Services classic model (User Self Service)
SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...
CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
CVE-2026-40131
The CVE-2026-40131 entry concerns the SAP HDI deploy library (@sap/hdi-deploy). Affected component: SQL queries are dynamically constructed from user input without proper parameterization/prepared statements (root cause: lack of parameterization). Impact: confidentiality and availability of the a...
📄 SAP HANA Cockpit / Database Explorer Private Key Disclosure
SAP HANA Cockpit and SAP HANA Database Explorer expose the private key of their X.509 certificate. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Private Key of X.509 Certificate product: SAP HANA...
SUSE SLES16 Security Update : google-cloud-sap-agent (SUSE-SU-2026:21210-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:21210-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186:...
CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...
CVE-2026-34262 Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...
CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer...
SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1195-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1195-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186:...
SUSE SLES15 / openSUSE 15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1194-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1194-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: -...
SUSE-SU-2026:1195-1 Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changelog: Collect WLM metric...
Security update for google-cloud-sap-agent
This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changelog: Collect WLM metric...
CVE-2026-0492
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability...
CVE-2026-0492
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability...