|
2331
|
9.9 |
CRITICAL
Network
|
-
|
-
|
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-44748
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2332
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise b…
|
CWE-862
Missing Authorization
|
CVE-2026-44750
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2333
|
7.1 |
HIGH
Network
|
-
|
-
|
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belongi…
|
CWE-862
Missing Authorization
|
CVE-2026-44751
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2334
|
6.6 |
MEDIUM
Network
|
-
|
-
|
The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used …
|
CWE-862
Missing Authorization
|
CVE-2026-44754
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2335
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerab…
|
CWE-346
Origin Validation Error
|
CVE-2026-44755
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2336
|
4.7 |
MEDIUM
Network
|
-
|
-
|
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44757
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2337
|
7.5 |
HIGH
Network
|
-
|
-
|
Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-11639
|
2026-06-9 10:37 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2338
|
7.5 |
HIGH
Network
|
-
|
-
|
Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafte…
|
CWE-416
Use After Free
|
CVE-2026-11641
|
2026-06-9 10:37 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2339
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in b…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-11516
|
2026-06-9 10:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2340
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument f…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11518
|
2026-06-9 10:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
