24 matches found
CVE-2026-34260
SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...
CVE-2026-24328
SAP TAFAPPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...
CVE-2026-0497
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...
CVE-2026-0497
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...
EUVD-2024-42808
Malicious code in bioql PyPI...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
Info ░█▄█░█▀█░█░█░█░█░█░█░▀█▀░█▀█░█▀█░█▀▄░█░█ ░█░█░█▀▀░█░█░...
The vulnerability of the SAP Product Lifecycle Costing Client software lies in its uncontrolled search mechanism, which allows attackers to disclose sensitive information.
The vulnerability of the SAP Product Lifecycle Costing Client software is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow attackers to disclose sensitive information...
CVE-2024-47576
SAP Product Lifecycle Costing Client versions below 4.7.1 application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execut...
CVE-2024-47576 DLL Hijacking vulnerability in SAP Product Lifecycle Costing
SAP Product Lifecycle Costing Client versions below 4.7.1 application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execut...
CVE-2024-47576
CVE-2024-47576 concerns the SAP Product Lifecycle Costing Client (versions
CVE-2024-47576 DLL Hijacking vulnerability in SAP Product Lifecycle Costing
SAP Product Lifecycle Costing Client versions below 4.7.1 application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execut...
PT-2023-27932 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions 100 through 108 Description: The issue allows an attacker to upload an XML file as an attachment in the Create Single Payment application. When the XML file is clicked on in the attachment section, it opens in the browser...
CVE-2022-41173
Due to lack of proper memory management, when a victim opens manipulated AutoCAD .dxf, TeighaTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restar...
PT-2022-25724 · Sap · Sap 3D Visual Enterprise Viewer
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9 Description: The issue is caused by a lack of proper memory management. When a victim opens a manipulated Right Hemisphere Binary .rh, .x3d file from untrusted sources, it can trigger a Remote Code...
PT-2022-25003 · Sap +1 · Sap 3D Visual Enterprise Author +1
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Author version 9 Description: The issue arises due to improper memory management. When a victim opens a manipulated SolidWorks Drawing .slddrw file in SAP 3D Visual Enterprise Author, it can trigger a Remote Code...
SAP 3D Visual Enterprise Author 缓冲区错误漏洞
SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A denial of service vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management, and can be exploited by an attacker...
PT-2022-25000 · Sap · Sap 3D Visual Enterprise Author
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Author version 9 Description: The issue is caused by a lack of proper memory management. When a victim opens a manipulated ACIS Part and Assembly .sat file received from untrusted sources, it is possible that a Remote...
SAP 3D Visual Enterprise Author 缓冲区错误漏洞
SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability, which stems from a lack of proper memory management and can be exploited by an attacker t...
PT-2022-25707 · Sap · Sap 3D Visual Enterprise Author
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Author version 9 Description: The issue arises due to improper memory management. When a manipulated Windows Cursor File .cur, ico.x3d from untrusted sources is opened in the affected software, it can trigger Remote...
SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces. The vulnerability can be exploited to crash the...