54 Total CVEs
40 AI Analyzed
0 CISA KEV
26 Critical
All Vendors
Showing 1-54 of 54 CVEs
CVE-2026-6691
Analyzed
7.8
SAP C Driver

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before...

2026-05-07
CVE-2026-48716
Analyzed
8.7
SAP nanobot

nanobot is a personal AI assistant

2026-06-20
CVE-2026-4747
Analyzed
8.8
SAP SAP Software (RPCSEC_GSS implementation)

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet

2026-03-27
CVE-2026-44748
Analyzed
9.9
SAP NetWeaver Application Server ABAP

An authenticated attacker can tamper with signed XML documents in SAP NetWeaver, leading to unauthorized access and potential system disruption.

2026-06-09
CVE-2026-35589
8
SAP Multiple Products

nanobot is a personal AI assistant

2026-04-15
CVE-2026-34758
Analyzed
9.1
SAP OneUptime

Unauthenticated access to notification and phone management endpoints in OneUptime allows attackers to abuse communication services and perform unauth...

2026-04-03
CVE-2026-34263
Analyzed
9.6
SAP Commerce cloud

SAP Commerce Cloud allows unauthenticated users to perform arbitrary code execution due to improper Spring Security configuration.

2026-05-12
CVE-2026-34260
Analyzed
9.6
SAP Enterprise Search

SAP Enterprise Search for ABAP is vulnerable to SQL injection, allowing authenticated attackers to execute malicious database queries.

2026-05-12
CVE-2026-34259
8.2
SAP Forecasting

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could ab...

2026-05-12
CVE-2026-34256
7.1
SAP ERP and

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular A...

2026-04-14
CVE-2026-32968
Analyzed
9.8
SAP com_mb24sysapi module

An unauthenticated remote attacker can exploit an OS command injection vulnerability in the SAP com_mb24sysapi module, leading to full system compromi...

2026-03-24
CVE-2026-27685
Analyzed
9.1
SAP NetWeaver Enterprise

SAP NetWeaver Enterprise Portal is vulnerable to a critical deserialization flaw that allows privileged users to compromise the confidentiality, integ...

2026-03-11
CVE-2026-27681
Analyzed
9.9
SAP Business Planning

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute craf...

2026-04-14
CVE-2026-27671
Analyzed
9.8
SAP NetWeaver Application Server ABAP

A memory corruption vulnerability in the SAP Kernel allows unauthenticated attackers to trigger crashes or execute code via crafted RFC requests.

2026-06-09
CVE-2026-2577
Analyzed
10
SAP WhatsApp bridge

The Nanobot WhatsApp bridge component exposes an unauthenticated WebSocket server on all network interfaces, allowing remote attackers to hijack sessi...

2026-02-17
CVE-2026-24322
Analyzed
7.7
SAP Solution Tools

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowi...

2026-02-10
CVE-2026-23689
Analyzed
7.7
SAP SAP NetWeaver

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network acce...

2026-02-10
CVE-2026-23687
Analyzed
8.8
SAP NetWeaver Application

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and s...

2026-02-10
CVE-2026-0511
8.1
SAP Multiple Products

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation o...

2026-01-13
CVE-2026-0509
Analyzed
9.6
SAP NetWeaver Application

SAP NetWeaver AS ABAP allows low-privileged authenticated users to execute Remote Function Calls (RFC) without proper S_RFC authorization, impacting s...

2026-02-10
CVE-2026-0507
Analyzed
8.4
SAP Multiple Products

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrativ...

2026-01-13
CVE-2026-0501
Analyzed
9.9
SAP Multiple Products

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute craf...

2026-01-13
CVE-2026-0500
Analyzed
9.6
SAP Multiple Products

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create...

2026-01-13
CVE-2026-0498
Analyzed
9.1
SAP Multiple Products

SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC....

2026-01-13
CVE-2026-0492
Analyzed
8.8
SAP Multiple Products

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially...

2026-01-13
CVE-2026-0491
Analyzed
9.1
SAP Multiple Products

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw ena...

2026-01-13
CVE-2026-0490
Analyzed
7.5
SAP BusinessObjects BI

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authent...

2026-02-10
CVE-2026-0488
Analyzed
9.9
SAP CRM and

A flaw in SAP CRM and S/4HANA allows authenticated attackers to exploit generic function module calls to execute arbitrary SQL statements, leading to...

2026-02-10
CVE-2026-0485
7.5
SAP BusinessObjects BI

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (...

2026-02-10
CVE-2025-5878
7.3
SAP Multiple Products

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic

2025-07-06
CVE-2025-56110
8.8
SAP Multiple Products

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actio...

2025-12-13
CVE-2025-42976
8.1
SAP Multiple Products

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document applic...

2025-08-12
CVE-2025-42967
Analyzed
9.9
SAP Multiple Products

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to crea...

2025-07-08
CVE-2025-42957
Analyzed
9.9
SAP Multiple Products

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection...

2025-08-12
CVE-2025-42953
8.1
SAP Multiple Products

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges

2025-07-10
CVE-2025-42951
Analyzed
8.8
SAP Multiple Products

Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the co...

2025-08-12
CVE-2025-42950
Analyzed
9.9
SAP Multiple Products

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This fla...

2025-08-12
CVE-2025-42944
Analyzed
10
SAP Multiple Products

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting...

2025-09-09
CVE-2025-42940
7.5
SAP Multiple Products

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN

2025-11-13
CVE-2025-42937
Analyzed
9.8
SAP Multiple Products

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to th...

2025-10-14
CVE-2025-42933
8.8
SAP Multiple Products

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs

2025-09-09
CVE-2025-42928
Analyzed
9.1
SAP Multiple Products

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The sy...

2025-12-10
CVE-2025-42922
Analyzed
9.9
SAP Multiple Products

SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file....

2025-09-09
CVE-2025-42910
Analyzed
9
SAP Multiple Products

Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files....

2025-10-14
CVE-2025-42880
Analyzed
9.9
SAP Multiple Products

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function...

2025-12-10
CVE-2025-42878
8.2
SAP Multiple Products

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production

2025-12-10
CVE-2025-42877
7.5
SAP Multiple Products

SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to...

2025-12-11
CVE-2025-42874
7.9
SAP Multiple Products

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system...

2025-12-10
CVE-2025-3498
Analyzed
9.9
SAP Multiple Products

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. Th...

2025-07-10
CVE-2025-3497
Analyzed
8.7
SAP Multiple Products

The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1

2025-07-10
CVE-2023-21476
Analyzed
8
SAP Multiple Products

Out-of-bounds Write vulnerability in libaudiosaplus_sec

2025-09-03
CVE-2023-21475
Analyzed
8
SAP Multiple Products

Out-of-bounds Write vulnerability in libaudiosaplus_sec

2025-09-03
CVE-2021-47985
Analyzed
7.8
SAP SAPSprint

Brother SAPSprint 7

2026-06-21
CVE-2019-25487
Analyzed
9.8
SAP RB-1732

Sapido RB-1732 V2.0.43 is vulnerable to unauthenticated remote command execution via the formSysCmd endpoint, allowing attackers to execute arbitrary...

2026-03-12