sap

1,577 tracked vulnerabilities.

CVE-2026-27680 LOW
CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
May 14, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-40135 MEDIUM
OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
May 12, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-27682 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages - Reflected Cross-Site Scripting
May 12, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-34264 MEDIUM
Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34262 MEDIUM
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Apr 14, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34257 MEDIUM
Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27679 MEDIUM
Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27674 MEDIUM
Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27688 MEDIUM
SAP NetWeaver ABAP - Privilege Escalation
Mar 10, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-24316 MEDIUM
SAP NetWeaver Application Server for ABAP - Server-Side Request Forgery via ABAP Test Report
Mar 10, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-24310 LOW
SAP NetWeaver ABAP - Info Disclosure
Mar 10, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-24309 MEDIUM
SAP NetWeaver ABAP - Privilege Escalation
Mar 10, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-24314 MEDIUM
SAP S/4HANA Manage Payment Media - Authenticated Exposure of Sensitive System Information
Feb 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24328 MEDIUM
SAP TAF_APPLAUNCHER - Open Redirect
Feb 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-24327 MEDIUM
SAP Strategic Enterprise Management - Info Disclosure
Feb 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24326 MEDIUM
SAP S/4HANA Defense & Security - Missing Authorization Check in Disconnected Operations
Feb 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24325 MEDIUM
SAP BusinessObjects Enterprise - XSS
Feb 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-24324 MEDIUM
SAP BusinessObjects Business Intelligence Platform - Authenticated Denial of Service via AdminTools Query
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-24323 MEDIUM
SAP BSP Applications - Reflected Cross-Site Scripting
Feb 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-24322 HIGH
SAP Solution Tools Plug-In - Authenticated Information Disclosure via Missing Authorization
Feb 10, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-24321 MEDIUM
SAP Commerce Cloud - Info Disclosure
Feb 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24320 LOW
SAP NetWeaver AS ABAP Kernel - Memory Corruption via Crafted Input
Feb 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-24319 MEDIUM
SAP Business One - Cleartext Storage of Sensitive Information in Memory
Feb 10, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-24312 MEDIUM
SAP Business Workflow - Privilege Escalation
Feb 10, 2026
CVSS 5.2
EPSS 0.00
CVE-2026-23689 HIGH
SAP Supply Chain Management and Advanced Planning and Optimization - Denial of Service via Resource Consumption
Feb 10, 2026
CVSS 7.7
EPSS 0.00