| 2081 | 8.2 | HIGH Network | - | - | A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input ma… | CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine | CVE-2026-41713 | 2026-05-12 23:20 | 2026-05-12 |
| 2082 | - |  | - | - | The affected application contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZD… | CWE-122 Heap-based Buffer Overflow | CVE-2025-12659 | 2026-05-12 23:20 | 2026-05-12 |
| 2083 | - |  | - | - | Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | - | CVE-2026-8388 | 2026-05-12 23:20 | 2026-05-12 |
| 2084 | 5.4 | MEDIUM Network | - | - | Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send unintended requests to the web server. This ha… | CWE-352 Origin Validation Error | CVE-2026-0502 | 2026-05-12 23:19 | 2026-05-12 |
| 2085 | 4.7 | MEDIUM Network | - | - | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that … | CWE-79 Cross-site Scripting | CVE-2026-27682 | 2026-05-12 23:19 | 2026-05-12 |
| 2086 | 4.7 | MEDIUM Network | - | - | SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicki… | CWE-451 User Interface (UI) Misrepresentation of Critical Information | CVE-2026-34258 | 2026-05-12 23:19 | 2026-05-12 |
| 2087 | 8.2 | HIGH Local | - | - | Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbi… | CWE-77 Command Injection | CVE-2026-34259 | 2026-05-12 23:19 | 2026-05-12 |
| 2088 | 9.6 | CRITICAL Network | - | - | SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applica… | CWE-89 SQL Injection | CVE-2026-34260 | 2026-05-12 23:19 | 2026-05-12 |
| 2089 | 4.3 | MEDIUM Network | - | - | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe… | CWE-94 Code Injection | CVE-2026-40129 | 2026-05-12 23:19 | 2026-05-12 |
| 2090 | 3.4 | LOW Local | - | - | A SQL injection vulnerability exists in the @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi… | CWE-89 SQL Injection | CVE-2026-40131 | 2026-05-12 23:19 | 2026-05-12 |