Export limit exceeded: 345430 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345430 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27681 | 1 Sap | 2 Business Planning And Consolidation, Business Warehouse | 2026-04-17 | 9.9 Critical |
| Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system. | ||||
| CVE-2026-34261 | 1 Sap | 2 Business Analytics, Content Management | 2026-04-17 | 6.5 Medium |
| Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability. | ||||
| CVE-2025-3756 | 1 Abb | 4 800xa System, Symphony + Operations, Symphony Plus Mr (melody Rack) and 1 more | 2026-04-17 | 6.5 Medium |
| A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3. | ||||
| CVE-2026-24318 | 1 Sap Se | 1 Sap Business Objects Business Intelligence Platform | 2026-04-17 | 4.2 Medium |
| Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued tokens after authentication, the attacker could assume the victim�s authenticated context. This could allow the attacker to access or modify information within the victim�s session scope, impacting confidentiality and integrity, while availability remains unaffected. | ||||
| CVE-2025-40745 | 1 Siemens | 7 Simcenter 3d, Simcenter Femap, Simcenter Star-ccm\+ and 4 more | 2026-04-17 | 3.7 Low |
| A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. | ||||
| CVE-2026-6100 | 1 Python | 1 Cpython | 2026-04-17 | 8.1 High |
| Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable. | ||||
| CVE-2026-34264 | 1 Sap | 1 Erp Human Capital Management | 2026-04-17 | 6.5 Medium |
| During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected. | ||||
| CVE-2026-27668 | 1 Siemens | 1 Ruggedcom Crossbow Secure Access Manager Primary (sam-p) | 2026-04-17 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level. | ||||
| CVE-2026-27672 | 1 Sap | 1 Material Master Application | 2026-04-17 | 4.3 Medium |
| The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system. | ||||
| CVE-2026-27676 | 1 Sap | 1 S/4hana | 2026-04-17 | 4.3 Medium |
| Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and availability are not impacted. | ||||
| CVE-2026-27677 | 1 Sap | 1 S/4hana | 2026-04-17 | 6.5 Medium |
| Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted. | ||||
| CVE-2026-27678 | 1 Sap | 1 S/4hana | 2026-04-17 | 6.5 Medium |
| Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted. | ||||
| CVE-2026-34257 | 1 Sap | 1 Netweaver Application Server Abap | 2026-04-17 | 6.1 Medium |
| Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability. | ||||
| CVE-2026-34262 | 1 Sap | 2 Hana Cockpit, Hana Database Explorer | 2026-04-17 | 5 Medium |
| Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | ||||
| CVE-2025-52641 | 1 Hcltech | 1 Aion | 2026-04-17 | 2.9 Low |
| HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure. | ||||
| CVE-2026-6384 | 1 Redhat | 1 Enterprise Linux | 2026-04-17 | 7.3 High |
| A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution. | ||||
| CVE-2026-5397 | 1 Omron | 1 Powerattendant Standard Edition | 2026-04-17 | 7.8 High |
| It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup. | ||||
| CVE-2026-5160 | 1 Yuin | 1 Goldmark | 2026-04-17 | 6.1 Medium |
| Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities. This allows an attacker to bypass protocol filtering by encoding dangerous schemes using HTML5 named character references. For example, a payload such as javascript:alert(1) is not recognized as dangerous during validation, leading to arbitrary script execution in the context of applications that render the URL. | ||||
| CVE-2024-33618 | 1 Bosch | 8 Bvms, Bvms Viewer, Divar Ip 7000 R2 and 5 more | 2026-04-17 | 7.5 High |
| Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface. | ||||
| CVE-2026-23772 | 1 Dell | 1 Storage Manager | 2026-04-17 | 7.3 High |
| Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||