sap
1,577 tracked vulnerabilities.
CVE-2026-27680
LOW
CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
May 14, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-40135
MEDIUM
OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
May 12, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-27682
MEDIUM
SAP NetWeaver AS ABAP Business Server Pages - Reflected Cross-Site Scripting
May 12, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-34264
MEDIUM
Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34262
MEDIUM
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Apr 14, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34257
MEDIUM
Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27679
MEDIUM
Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27674
MEDIUM
Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27688
MEDIUM
SAP NetWeaver ABAP - Privilege Escalation
Mar 10, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-24316
MEDIUM
SAP NetWeaver Application Server for ABAP - Server-Side Request Forgery via ABAP Test Report
Mar 10, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-24310
LOW
SAP NetWeaver ABAP - Info Disclosure
Mar 10, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-24309
MEDIUM
SAP NetWeaver ABAP - Privilege Escalation
Mar 10, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-24314
MEDIUM
SAP S/4HANA Manage Payment Media - Authenticated Exposure of Sensitive System Information
Feb 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24328
MEDIUM
SAP TAF_APPLAUNCHER - Open Redirect
Feb 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-24327
MEDIUM
SAP Strategic Enterprise Management - Info Disclosure
Feb 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24326
MEDIUM
SAP S/4HANA Defense & Security - Missing Authorization Check in Disconnected Operations
Feb 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24325
MEDIUM
SAP BusinessObjects Enterprise - XSS
Feb 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-24324
MEDIUM
SAP BusinessObjects Business Intelligence Platform - Authenticated Denial of Service via AdminTools Query
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-24323
MEDIUM
SAP BSP Applications - Reflected Cross-Site Scripting
Feb 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-24322
HIGH
SAP Solution Tools Plug-In - Authenticated Information Disclosure via Missing Authorization
Feb 10, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-24321
MEDIUM
SAP Commerce Cloud - Info Disclosure
Feb 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24320
LOW
SAP NetWeaver AS ABAP Kernel - Memory Corruption via Crafted Input
Feb 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-24319
MEDIUM
SAP Business One - Cleartext Storage of Sensitive Information in Memory
Feb 10, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-24312
MEDIUM
SAP Business Workflow - Privilege Escalation
Feb 10, 2026
CVSS 5.2
EPSS 0.00
CVE-2026-23689
HIGH
SAP Supply Chain Management and Advanced Planning and Optimization - Denial of Service via Resource Consumption
Feb 10, 2026
CVSS 7.7
EPSS 0.00
Products
3d_visual_enterprise_viewer 131
netweaver 102
netweaver_application_server_abap 86
businessobjects_business_intelligence_platform 73
netweaver_application_server_java 69
businessobjects_business_intelligence 45
hana 38
solution_manager 33
business_one 31
internet_graphics_server 28
3d_visual_enterprise_author 27
businessobjects 23
netweaver_abap 21
netweaver_process_integration 21
netweaver_enterprise_portal 20
business_objects_business_intelligence_platform 18
commerce_cloud 18
hana_extended_application_services 18
sap_basis 18
s\/4hana 17
disclosure_management 16
host_agent 15
adaptive_server_enterprise 14
enable_now 14
s4core 13
abap_platform 12
customer_relationship_management_webclient_ui 12
netweaver_as_abap 12
sap_db 12
sap_kernel 11
Quick Filters