Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Tag: sap Clear
ID Title
CVE-2026-27680 Vulnerability in sap (CVE-2026-27680)
vulnerability in sap (CVE-2026-27680). Risk of unauthorized operations or information disclosure.
CVE-2026-40135 Command Injection in sap (CVE-2026-40135)
command injection in sap (CVE-2026-40135). Data can be tampered with by attackers.
CVE-2026-27682 Cross-Site Scripting (XSS) in sap (CVE-2026-27682)
cross-site scripting in sap (CVE-2026-27682). Risk of unauthorized operations or information disclosure.
CVE-2026-34257 Open Redirect in sap (CVE-2026-34257)
vulnerability in sap (CVE-2026-34257). Risk of unauthorized operations or information disclosure.
CVE-2026-27674 Code Injection in sap (CVE-2026-27674)
code injection in sap (CVE-2026-27674). Risk of unauthorized operations or information disclosure.
CVE-2026-27688 Vulnerability in sap (CVE-2026-27688)
vulnerability in sap (CVE-2026-27688). Risk of unauthorized operations or information disclosure.
CVE-2026-24316 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24316)
SSRF in ssrf (CVE-2026-24316). Risk of unauthorized operations or information disclosure.
CVE-2026-24310 Vulnerability in sap (CVE-2026-24310)
vulnerability in sap (CVE-2026-24310). Risk of unauthorized operations or information disclosure.
CVE-2026-24309 Vulnerability in sap (CVE-2026-24309)
vulnerability in sap (CVE-2026-24309). Risk of unauthorized operations or information disclosure.
CVE-2026-23687 Vulnerability in sap (CVE-2026-23687)
vulnerability in sap (CVE-2026-23687). Successful exploitation can lead to full system takeover.
CVE-2025-42999 KEV [KEV] Unsafe Deserialization in Sap netweaver (CVE-2025-42999)
vulnerability in Sap netweaver (CVE-2025-42999). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-31324 KEV [KEV] Unrestricted File Upload in Sap netweaver (CVE-2025-31324)
vulnerability in Sap netweaver (CVE-2025-31324). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-12637 KEV [KEV] Path Traversal in Sap netweaver (CVE-2017-12637)
path traversal in Sap netweaver (CVE-2017-12637). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-0344 KEV [KEV] Unsafe Deserialization in Sap commerce-cloud (CVE-2019-0344)
vulnerability in Sap commerce-cloud (CVE-2019-0344). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22536 KEV [KEV] Vulnerability in Sap multiple-products (CVE-2022-22536)
vulnerability in Sap multiple-products (CVE-2022-22536). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-35293 Vulnerability in sap (CVE-2022-35293)
vulnerability in sap (CVE-2022-35293). Confidential information can be exposed externally.
CVE-2021-38163 KEV [KEV] Vulnerability in Sap netweaver (CVE-2021-38163)
vulnerability in Sap netweaver (CVE-2021-38163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-2386 KEV [KEV] SQL Injection in Sap netweaver (CVE-2016-2386)
SQL injection in Sap netweaver (CVE-2016-2386). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-2388 KEV [KEV] Information Disclosure in Sap netweaver (CVE-2016-2388)
vulnerability in Sap netweaver (CVE-2016-2388). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-2380 KEV [KEV] Path Traversal in Sap customer-relationship-management-crm (CVE-2018-2380)
path traversal in Sap customer-relationship-management-crm (CVE-2018-2380). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-9563 KEV [KEV] XXE (XML External Entity) in Sap netweaver (CVE-2016-9563)
vulnerability in Sap netweaver (CVE-2016-9563). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-6287 KEV [KEV] Vulnerability in Sap netweaver (CVE-2020-6287)
vulnerability in Sap netweaver (CVE-2020-6287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-6207 KEV [KEV] Vulnerability in Sap solution-manager (CVE-2020-6207)
vulnerability in Sap solution-manager (CVE-2020-6207). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2016-3976 KEV [KEV] Path Traversal in Sap netweaver (CVE-2016-3976)
path traversal in Sap netweaver (CVE-2016-3976). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-16687 Information Disclosure in sap (CVE-2017-16687)
vulnerability in sap (CVE-2017-16687). Risk of unauthorized operations or information disclosure.
CVE-2017-16678 SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-16678)
SSRF in ssrf (CVE-2017-16678). Risk of unauthorized operations or information disclosure.
CVE-2017-16679 Open Redirect in sap (CVE-2017-16679)
vulnerability in sap (CVE-2017-16679). Risk of unauthorized operations or information disclosure.
CVE-2017-16680 Vulnerability in sap (CVE-2017-16680)
vulnerability in sap (CVE-2017-16680). Data can be tampered with by attackers.
CVE-2017-16681 Cross-Site Scripting (XSS) in sap (CVE-2017-16681)
cross-site scripting in sap (CVE-2017-16681). Risk of unauthorized operations or information disclosure.
CVE-2017-16682 Code Injection in sap (CVE-2017-16682)
code injection in sap (CVE-2017-16682). Successful exploitation can lead to full system takeover.
CVE-2017-16684 Authentication Bypass in sap (CVE-2017-16684)
authentication bypass in sap (CVE-2017-16684). Successful exploitation can lead to full system takeover.
CVE-2017-16685 Cross-Site Scripting (XSS) in sap (CVE-2017-16685)
cross-site scripting in sap (CVE-2017-16685). Risk of unauthorized operations or information disclosure.
CVE-2017-16689 Authentication Bypass in sap (CVE-2017-16689)
authentication bypass in sap (CVE-2017-16689). Successful exploitation can lead to full system takeover.
CVE-2017-16690 Vulnerability in sap (CVE-2017-16690)
vulnerability in sap (CVE-2017-16690). Successful exploitation can lead to full system takeover.
CVE-2017-16691 Vulnerability in sap (CVE-2017-16691)
vulnerability in sap (CVE-2017-16691). Data can be tampered with by attackers.
CVE-2017-14516 Cross-Site Scripting (XSS) in sap (CVE-2017-14516)
cross-site scripting in sap (CVE-2017-14516). Risk of unauthorized operations or information disclosure.
CVE-2017-15297 Authentication Bypass in sap (CVE-2017-15297)
authentication bypass in sap (CVE-2017-15297). Risk of unauthorized operations or information disclosure.
CVE-2017-15296 The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
CVE-2017-15295 Authentication Bypass in sap (CVE-2017-15295)
authentication bypass in sap (CVE-2017-15295). Successful exploitation can lead to full system takeover.
CVE-2017-15293 Authentication Bypass in sap (CVE-2017-15293)
authentication bypass in sap (CVE-2017-15293). Successful exploitation can lead to full system takeover.
CVE-2017-15294 The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
CVE-2017-10701 Cross-Site Scripting (XSS) in sap (CVE-2017-10701)
cross-site scripting in sap (CVE-2017-10701). Risk of unauthorized operations or information disclosure.
CVE-2017-14511 Vulnerability in sap (CVE-2017-14511)
vulnerability in sap (CVE-2017-14511). Risk of unauthorized operations or information disclosure.
CVE-2015-7241 XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2014-8871 Path Traversal in path-traversal (CVE-2014-8871)
path traversal in path-traversal (CVE-2014-8871). Confidential information can be exposed externally.
CVE-2017-11460 Cross-Site Scripting (XSS) in sap (CVE-2017-11460)
cross-site scripting in sap (CVE-2017-11460). Risk of unauthorized operations or information disclosure.
CVE-2017-11459 Code Injection in sap (CVE-2017-11459)
code injection in sap (CVE-2017-11459). Successful exploitation can lead to full system takeover.
CVE-2017-11458 Cross-Site Scripting (XSS) in sap (CVE-2017-11458)
cross-site scripting in sap (CVE-2017-11458). Risk of unauthorized operations or information disclosure.
CVE-2017-11457 XXE (XML External Entity) in ssrf (CVE-2017-11457)
vulnerability in ssrf (CVE-2017-11457). Confidential information can be exposed externally.
CVE-2017-9845 Vulnerability in dos (CVE-2017-9845)
vulnerability in dos (CVE-2017-9845). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →