|
1351
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise b…
|
CWE-862
Missing Authorization
|
CVE-2026-44750
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1352
|
7.1 |
HIGH
Network
|
-
|
-
|
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belongi…
|
CWE-862
Missing Authorization
|
CVE-2026-44751
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1353
|
6.6 |
MEDIUM
Network
|
-
|
-
|
The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used …
|
CWE-862
Missing Authorization
|
CVE-2026-44754
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1354
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerab…
|
CWE-346
Origin Validation Error
|
CVE-2026-44755
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1355
|
4.7 |
MEDIUM
Network
|
-
|
-
|
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44757
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1356
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover.…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46475
|
2026-06-9 11:06 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1357
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeo…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46476
|
2026-06-9 11:06 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1358
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. Thi…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46477
|
2026-06-9 11:06 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1359
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46478
|
2026-06-9 11:06 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1360
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeove…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46479
|
2026-06-9 11:06 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
