|
2851
|
8.2 |
HIGH
Local
|
-
|
-
|
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbi…
|
CWE-77
Command Injection
|
CVE-2026-34259
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2852
|
9.6 |
CRITICAL
Network
|
-
|
-
|
SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applica…
|
CWE-89
SQL Injection
|
CVE-2026-34260
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2853
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe…
|
CWE-94
Code Injection
|
CVE-2026-40129
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2854
|
3.4 |
LOW
Local
|
-
|
-
|
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi…
|
CWE-89
SQL Injection
|
CVE-2026-40131
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2855
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unaut…
|
CWE-862
Missing Authorization
|
CVE-2026-40132
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2856
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact o…
|
CWE-862
Missing Authorization
|
CVE-2026-40133
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2857
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operatio…
|
CWE-862
Missing Authorization
|
CVE-2026-40134
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2858
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially c…
|
CWE-77
Command Injection
|
CVE-2026-40135
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2859
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromis…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-40136
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2860
|
6.1 |
MEDIUM
Network
|
-
|
-
|
SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially e…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40137
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
