|
4401
|
- |
|
-
|
-
|
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and ca…
|
CWE-617
Reachable Assertion
|
CVE-2026-35058
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4402
|
- |
|
-
|
-
|
A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS…
|
CWE-125
CWE-416
Out-of-bounds Read
Use After Free
|
CVE-2026-40215
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4403
|
4.2 |
MEDIUM
Network
|
-
|
-
|
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credent…
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-24315
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4404
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that explo…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-27671
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4405
|
9.0 |
CRITICAL
Network
|
-
|
-
|
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal an…
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-40128
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4406
|
3.7 |
LOW
Network
|
-
|
-
|
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-44743
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4407
|
6.5 |
MEDIUM
Network
|
-
|
-
|
SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized dat…
|
CWE-89
SQL Injection
|
CVE-2026-44744
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4408
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44746
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4409
|
9.9 |
CRITICAL
Network
|
-
|
-
|
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-44748
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4410
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise b…
|
CWE-862
Missing Authorization
|
CVE-2026-44750
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
