Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-27680 |
|
Vulnerability in sap (CVE-2026-27680)
vulnerability in sap (CVE-2026-27680). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40135 |
|
Command Injection in sap (CVE-2026-40135)
command injection in sap (CVE-2026-40135). Data can be tampered with by attackers.
|
| CVE-2026-27682 |
|
Cross-Site Scripting (XSS) in sap (CVE-2026-27682)
cross-site scripting in sap (CVE-2026-27682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34257 |
|
Open Redirect in sap (CVE-2026-34257)
vulnerability in sap (CVE-2026-34257). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27674 |
|
Code Injection in sap (CVE-2026-27674)
code injection in sap (CVE-2026-27674). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27688 |
|
Vulnerability in sap (CVE-2026-27688)
vulnerability in sap (CVE-2026-27688). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24316 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24316)
SSRF in ssrf (CVE-2026-24316). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24310 |
|
Vulnerability in sap (CVE-2026-24310)
vulnerability in sap (CVE-2026-24310). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24309 |
|
Vulnerability in sap (CVE-2026-24309)
vulnerability in sap (CVE-2026-24309). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23687 |
|
Vulnerability in sap (CVE-2026-23687)
vulnerability in sap (CVE-2026-23687). Successful exploitation can lead to full system takeover.
|
| CVE-2025-42999 KEV |
|
[KEV] Unsafe Deserialization in Sap netweaver (CVE-2025-42999)
vulnerability in Sap netweaver (CVE-2025-42999). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-31324 KEV |
|
[KEV] Unrestricted File Upload in Sap netweaver (CVE-2025-31324)
vulnerability in Sap netweaver (CVE-2025-31324). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-12637 KEV |
|
[KEV] Path Traversal in Sap netweaver (CVE-2017-12637)
path traversal in Sap netweaver (CVE-2017-12637). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-0344 KEV |
|
[KEV] Unsafe Deserialization in Sap commerce-cloud (CVE-2019-0344)
vulnerability in Sap commerce-cloud (CVE-2019-0344). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22536 KEV |
|
[KEV] Vulnerability in Sap multiple-products (CVE-2022-22536)
vulnerability in Sap multiple-products (CVE-2022-22536). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-35293 |
|
Vulnerability in sap (CVE-2022-35293)
vulnerability in sap (CVE-2022-35293). Confidential information can be exposed externally.
|
| CVE-2021-38163 KEV |
|
[KEV] Vulnerability in Sap netweaver (CVE-2021-38163)
vulnerability in Sap netweaver (CVE-2021-38163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-2386 KEV |
|
[KEV] SQL Injection in Sap netweaver (CVE-2016-2386)
SQL injection in Sap netweaver (CVE-2016-2386). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-2388 KEV |
|
[KEV] Information Disclosure in Sap netweaver (CVE-2016-2388)
vulnerability in Sap netweaver (CVE-2016-2388). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-2380 KEV |
|
[KEV] Path Traversal in Sap customer-relationship-management-crm (CVE-2018-2380)
path traversal in Sap customer-relationship-management-crm (CVE-2018-2380). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2010-5326 KEV |
|
[KEV] Vulnerability in Sap netweaver (CVE-2010-5326)
vulnerability in Sap netweaver (CVE-2010-5326). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-9563 KEV |
|
[KEV] XXE (XML External Entity) in Sap netweaver (CVE-2016-9563)
vulnerability in Sap netweaver (CVE-2016-9563). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-6287 KEV |
|
[KEV] Vulnerability in Sap netweaver (CVE-2020-6287)
vulnerability in Sap netweaver (CVE-2020-6287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-6207 KEV |
|
[KEV] Vulnerability in Sap solution-manager (CVE-2020-6207)
vulnerability in Sap solution-manager (CVE-2020-6207). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-3976 KEV |
|
[KEV] Path Traversal in Sap netweaver (CVE-2016-3976)
path traversal in Sap netweaver (CVE-2016-3976). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-16685 |
|
Cross-Site Scripting (XSS) in sap (CVE-2017-16685)
cross-site scripting in sap (CVE-2017-16685). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16678 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-16678)
SSRF in ssrf (CVE-2017-16678). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16679 |
|
Open Redirect in sap (CVE-2017-16679)
vulnerability in sap (CVE-2017-16679). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16680 |
|
Vulnerability in sap (CVE-2017-16680)
vulnerability in sap (CVE-2017-16680). Data can be tampered with by attackers.
|
| CVE-2017-16681 |
|
Cross-Site Scripting (XSS) in sap (CVE-2017-16681)
cross-site scripting in sap (CVE-2017-16681). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16682 |
|
Code Injection in sap (CVE-2017-16682)
code injection in sap (CVE-2017-16682). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16683 |
|
Vulnerability in dos (CVE-2017-16683)
vulnerability in dos (CVE-2017-16683). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16684 |
|
Authentication Bypass in sap (CVE-2017-16684)
authentication bypass in sap (CVE-2017-16684). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16687 |
|
Information Disclosure in sap (CVE-2017-16687)
vulnerability in sap (CVE-2017-16687). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16689 |
|
Authentication Bypass in sap (CVE-2017-16689)
authentication bypass in sap (CVE-2017-16689). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16690 |
|
Vulnerability in sap (CVE-2017-16690)
vulnerability in sap (CVE-2017-16690). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16691 |
|
Vulnerability in sap (CVE-2017-16691)
vulnerability in sap (CVE-2017-16691). Data can be tampered with by attackers.
|
| CVE-2017-14516 |
|
Cross-Site Scripting (XSS) in sap (CVE-2017-14516)
cross-site scripting in sap (CVE-2017-14516). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-15297 |
|
Authentication Bypass in sap (CVE-2017-15297)
authentication bypass in sap (CVE-2017-15297). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-15296 |
|
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
|
| CVE-2017-15295 |
|
Authentication Bypass in sap (CVE-2017-15295)
authentication bypass in sap (CVE-2017-15295). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15294 |
|
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
|
| CVE-2017-15293 |
|
Authentication Bypass in sap (CVE-2017-15293)
authentication bypass in sap (CVE-2017-15293). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10701 |
|
Cross-Site Scripting (XSS) in sap (CVE-2017-10701)
cross-site scripting in sap (CVE-2017-10701). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14581 |
|
Vulnerability in dos (CVE-2017-14581)
vulnerability in dos (CVE-2017-14581). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14511 |
|
Vulnerability in sap (CVE-2017-14511)
vulnerability in sap (CVE-2017-14511). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7241 |
|
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
|
| CVE-2014-8871 |
|
Path Traversal in path-traversal (CVE-2014-8871)
path traversal in path-traversal (CVE-2014-8871). Confidential information can be exposed externally.
|
| CVE-2017-11460 |
|
Cross-Site Scripting (XSS) in sap (CVE-2017-11460)
cross-site scripting in sap (CVE-2017-11460). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11459 |
|
Code Injection in sap (CVE-2017-11459)
code injection in sap (CVE-2017-11459). Successful exploitation can lead to full system takeover.
|