|
651
|
9.6 |
CRITICAL
Network
|
-
|
-
|
SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applica…
New
|
CWE-89
SQL Injection
|
CVE-2026-34260
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
652
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact o…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40133
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
653
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operatio…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40134
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
654
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially c…
New
|
CWE-77
Command Injection
|
CVE-2026-40135
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
655
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromis…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-40136
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
656
|
6.1 |
MEDIUM
Network
|
-
|
-
|
SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially e…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40137
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
657
|
7.5 |
HIGH
Network
|
-
|
-
|
The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual res…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-40833
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
658
|
8.3 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2025-40946
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
659
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-22924
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
660
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets
This cou…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-22925
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
