| 391 | 6.1 | MEDIUM Network | - | - | Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed … | CWE-79 Cross-site Scripting | CVE-2026-0512 | 2026-04-18 00:18 | 2026-04-14 |
| 392 | 4.2 | MEDIUM Network | - | - | Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauth… | CWE-539 Use of Persistent Cookies Containing Sensitive Information | CVE-2026-24318 | 2026-04-18 00:18 | 2026-04-14 |
| 393 | 4.3 | MEDIUM Network | - | - | The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a lo… | CWE-862 Missing Authorization | CVE-2026-27672 | 2026-04-18 00:18 | 2026-04-14 |
| 394 | 4.9 | MEDIUM Network | - | - | Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operation… | CWE-862 Missing Authorization | CVE-2026-27673 | 2026-04-18 00:18 | 2026-04-14 |
| 395 | 6.1 | MEDIUM Network | - | - | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and cau… | CWE-94 Code Injection | CVE-2026-27674 | 2026-04-18 00:18 | 2026-04-14 |
| 396 | 2.0 | LOW Network | - | - | SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due t… | CWE-94 Code Injection | CVE-2026-27675 | 2026-04-18 00:18 | 2026-04-14 |
| 397 | 4.3 | MEDIUM Network | - | - | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper… | CWE-862 Missing Authorization | CVE-2026-27676 | 2026-04-18 00:18 | 2026-04-14 |
| 398 | 6.5 | MEDIUM Network | - | - | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. … | CWE-862 Missing Authorization | CVE-2026-27677 | 2026-04-18 00:18 | 2026-04-14 |
| 399 | 6.5 | MEDIUM Network | - | - | Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prope… | CWE-862 Missing Authorization | CVE-2026-27678 | 2026-04-18 00:18 | 2026-04-14 |
| 400 | 6.5 | MEDIUM Network | - | - | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prop… | CWE-862 Missing Authorization | CVE-2026-27679 | 2026-04-18 00:18 | 2026-04-14 |