|
741
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and cau…
|
CWE-94
Code Injection
|
CVE-2026-27674
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
2.0 |
LOW
Network
|
-
|
-
|
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due t…
|
CWE-94
Code Injection
|
CVE-2026-27675
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper…
|
CWE-862
Missing Authorization
|
CVE-2026-27676
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. …
|
CWE-862
Missing Authorization
|
CVE-2026-27677
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prope…
|
CWE-862
Missing Authorization
|
CVE-2026-27678
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prop…
|
CWE-862
Missing Authorization
|
CVE-2026-27679
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete da…
|
CWE-89
SQL Injection
|
CVE-2026-27681
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
4.1 |
MEDIUM
Network
|
-
|
-
|
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script execute…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27683
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
7.1 |
HIGH
Network
|
-
|
-
|
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?charac…
|
CWE-862
Missing Authorization
|
CVE-2026-34256
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the pa…
|
CWE-601
Open Redirect
|
CVE-2026-34257
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
