| # | CVSS | Severity | Vector | Description | Status | CWE | CVE | Timestamp | Date |
|---|---|---|---|---|---|---|---|---|---|
| 641 | 5.4 | MEDIUM | Network | OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restr… | New | CWE-863 Incorrect Authorization | CVE-2026-44998 | 2026-05-12 23:19 | 2026-05-12 |
| 642 | 5.3 | MEDIUM | Network | OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attacke… | New | CWE-345 Insufficient Verification of Data Authenticity | CVE-2026-44999 | 2026-05-12 23:19 | 2026-05-12 |
| 643 | 5.4 | MEDIUM | Network | Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send unintended requests to the web server. This ha… | New | CWE-352 Origin Validation Error | CVE-2026-0502 | 2026-05-12 23:19 | 2026-05-12 |
| 644 | 4.7 | MEDIUM | Network | Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that … | New | CWE-79 Cross-site Scripting | CVE-2026-27682 | 2026-05-12 23:19 | 2026-05-12 |
| 645 | 4.7 | MEDIUM | Network | SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicki… | New | CWE-451 User Interface (UI) Misrepresentation of Critical Information | CVE-2026-34258 | 2026-05-12 23:19 | 2026-05-12 |
| 646 | 8.2 | HIGH | Local | Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbi… | New | CWE-77 Command Injection | CVE-2026-34259 | 2026-05-12 23:19 | 2026-05-12 |
| 647 | 9.6 | CRITICAL | Network | Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code … | New | CWE-459 Incomplete Cleanup | CVE-2026-34263 | 2026-05-12 23:19 | 2026-05-12 |
| 648 | 4.3 | MEDIUM | Network | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe… | New | CWE-94 Code Injection | CVE-2026-40129 | 2026-05-12 23:19 | 2026-05-12 |
| 649 | 3.4 | LOW | Local | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi… | New | CWE-89 SQL Injection | CVE-2026-40131 | 2026-05-12 23:19 | 2026-05-12 |
| 650 | 5.4 | MEDIUM | Network | Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unaut… | New | CWE-862 Missing Authorization | CVE-2026-40132 | 2026-05-12 23:19 | 2026-05-12 |