
58 matches found

NVD
added 2026/05/12 3:16 a.m. · 10 views

CVE-2026-34258

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

CVSS 4.7 · EPSS 0.00249
Exploits 0 · References 2

ATTACKERKB
added 2026/05/12 2:19 a.m. · 4 views

CVE-2026-34258

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

CVSS 4.7 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2026/05/12 2:19 a.m. · 7 views

CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

CVSS 4.7 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 2

CVE
added 2026/05/12 2:19 a.m. · 12 views

CVE-2026-34258

SAPUI5 (Search UI) is affected by CVE-2026-34258. An unauthenticated attacker can manipulate specific URL parameters in the Search UI to deliver attacker-controlled content, potentially misleading users into clicking on pages rendered by the application. Impact is confined to confidentiality (low...

CVSS 4.7 · AI score 5.8 · EPSS 0.00249
Exploits 0 · References 2

NVD
added 2025/12/09 4:17 p.m. · 4 views

CVE-2025-42873

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVSS 5.9 · EPSS 0.0032
Exploits 0 · References 2

CVE
added 2025/12/09 2:14 a.m. · 12 views

CVE-2025-42873

SAPUI5 (and OpenUI5) packages include the markdown-it component with outdated third‑party libraries, enabling an infinite loop on specially malformed input. This DoS causes high CPU use and unresponsiveness by blocking the processing thread, with no confidentiality or integrity impact reported. N...

CVSS 5.9 · AI score 6.7 · EPSS 0.0032
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-1054

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.01325
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-17598

Malicious code in bioql PyPI...

CVSS 3 · AI score 6.5 · EPSS 0.00185
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-30752

Malicious code in bioql PyPI...

CVSS 3.5 · AI score 5 · EPSS 0.00341
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-35107

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.4 · EPSS 0.00438
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-33209

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.8 · EPSS 0.00765
Exploits 0 · References 2

RedhatCVE
added 2025/06/12 12:18 a.m. · 3 views

CVE-2025-42990

Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted...

CVSS 3 · AI score 4.1 · EPSS 0.00185
Exploits 0 · References 1

NVD
added 2025/06/10 1:15 a.m. · 9 views

CVE-2025-42990

Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted...

CVSS 3 · EPSS 0.00185
Exploits 0 · References 2

Cvelist
added 2025/06/10 12:12 a.m. · 12 views

CVE-2025-42990 HTML Injection in Unprotected SAPUI5 applications

Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted...

CVSS 3 · EPSS 0.00185
Exploits 0 · References 2

Vulnrichment
added 2025/06/10 12:12 a.m. · 3 views

CVE-2025-42990 HTML Injection in Unprotected SAPUI5 applications

Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted...

CVSS 3 · AI score 4 · EPSS 0.00185
Exploits 0 · References 2

CVE
added 2025/06/10 12:12 a.m. · 50 views

CVE-2025-42990

CVE-2025-42990 involves unprotected SAPUI5 applications allowing an attacker with basic privileges to inject malicious HTML into a webpage, causing a redirect to an attacker-controlled URL. The impact is limited to integrity (no confidentiality or availability impact) as described in multiple sou...

CVSS 3 · AI score 4.1 · EPSS 0.00185
Exploits 0 · References 2

CNNVD
added 2025/06/10 12:0 a.m. · 3 views

SAP SAPUI5 cross-site scripting vulnerability

SAP SAPUI5 is a JavaScript application framework from SAP, a German company. A cross-site scripting vulnerability exists in SAP SAPUI5 that originates from allowing the injection of malicious HTML code that could result in a redirection to an attacker-controlled URL...

CVSS 3 · AI score 6.3 · EPSS 0.00185
Exploits 0 · References 4

Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-24592 · Sap · Sapui5

Name of the Vulnerable Software and Affected Versions: SAPUI5 (affected versions not specified)
Description: The issue allows an attacker with basic privileges to inject malicious HTML code into a webpage, redirecting users to the attacker-controlled URL. This could impact the integrity of the...

CVSS 3 · AI score 6.1 · EPSS 0.00185
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 8:43 a.m. · 2 views

CVE-2024-33007

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript or any harmful client-side script, the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential securi...

CVSS 3.5 · AI score 7.1 · EPSS 0.00341
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 5:17 a.m. · 3 views

CVE-2023-30743

Due to improper neutralization of input in SAPUI5 - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...

CVSS 7.1 · AI score 7 · EPSS 0.00438
Exploits 0 · References 1