|
561
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete da…
Update
|
CWE-89
SQL Injection
|
CVE-2026-27681
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
562
|
4.1 |
MEDIUM
Network
|
-
|
-
|
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script execute…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-27683
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
563
|
7.1 |
HIGH
Network
|
-
|
-
|
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?charac…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-34256
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
564
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the pa…
Update
|
CWE-601
Open Redirect
|
CVE-2026-34257
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
565
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessin…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-34261
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
566
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-34262
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
567
|
6.5 |
MEDIUM
Network
|
-
|
-
|
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the…
Update
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2026-34264
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
568
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (A…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2025-40745
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
569
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in th…
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-24032
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
570
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an …
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-25654
|
2026-04-18 00:18 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
