SAP_SE

297 tracked vulnerabilities.

CVE-2026-34258 MEDIUM
Content Spoofing vulnerability in SAPUI5 (Search UI)
May 12, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-27682 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages - Reflected Cross-Site Scripting
May 12, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-0502 MEDIUM
Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
May 12, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-34264 MEDIUM
Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34262 MEDIUM
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Apr 14, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34261 MEDIUM
Missing Authorization check in SAP Business Analytics and SAP Content Management
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34257 MEDIUM
Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-34256 HIGH
Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
Apr 14, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-27683 MEDIUM
Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
Apr 14, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-27681 CRITICAL
SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse
Apr 14, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-27679 MEDIUM
Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27678 MEDIUM
Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27677 MEDIUM
Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27676 MEDIUM
Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)
Apr 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27675 LOW
Code Injection vulnerability in SAP Landscape Transformation
Apr 14, 2026
CVSS 2.0
EPSS 0.00
CVE-2026-27674 MEDIUM
Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27673 MEDIUM
Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)
Apr 14, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-27672 MEDIUM
Missing Authorization check in Material Master Application
Apr 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24318 MEDIUM
Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform
Apr 14, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-0512 MEDIUM
Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-23687 HIGH
SAP NetWeaver Application Server ABAP/ABAP Platform - Privilege Esc...
Feb 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23683 MEDIUM
SAP Fiori App Intercompany Balance Reconciliation - Privilege Escal...
Jan 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0511 HIGH
SAP Fiori App - Privilege Escalation
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-0510 LOW
NetWeaver Application Server for Java - Info Disclosure
Jan 13, 2026
CVSS 3.0
EPSS 0.00
CVE-2026-0507 HIGH
SAP Application Server for ABAP - Command Injection
Jan 13, 2026
CVSS 8.4
EPSS 0.01