sap

1,577 tracked vulnerabilities.

CVE-2026-23688 MEDIUM
SAP Fiori App Manage Service Entry Sheets - Privilege Escalation
Feb 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-23687 HIGH
SAP NetWeaver Application Server ABAP/ABAP Platform - Privilege Esc...
Feb 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23686 LOW
SAP NetWeaver Application Server Java - CRLF Injection
Feb 10, 2026
CVSS 3.4
EPSS 0.00
CVE-2026-23685 MEDIUM
SAP NetWeaver - Authenticated Denial of Service via JMS Service Deserialization
Feb 10, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-23684 MEDIUM
SAP Commerce cloud - Info Disclosure
Feb 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-23681 MEDIUM
SAP Support Tools Plug-In - Info Disclosure
Feb 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0509 CRITICAL
SAP NetWeaver Application Server ABAP/ABAP Platform - Privilege Esc...
Feb 10, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-0508 HIGH
SAP BusinessObjects - Open Redirect
Feb 10, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-0505 MEDIUM
SAP Document Management System - Unauthenticated Open Redirect via URL Parameter Manipulation
Feb 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0490 HIGH
SAP BusinessObjects BI Platform - Auth Bypass
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0488 CRITICAL
SAP CRM/S/4HANA - Privilege Escalation
Feb 10, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-0486 MEDIUM
SAP Solution Tools Plug-In - Missing Authorization
Feb 10, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-0485 HIGH
SAP BusinessObjects BI Platform - DoS
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0484 MEDIUM
SAP NetWeaver/S/4HANA - Privilege Escalation
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0514 MEDIUM
SAP Business Connector - Unauthenticated Stored Cross-Site Scripting
Jan 13, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0513 MEDIUM
SAP Supplier Relationship Management - Unauthenticated Open Redirect via SICF Handler
Jan 13, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-0506 HIGH
SAP NetWeaver Application Server ABAP - Authenticated Missing Authorization Check via RFC Function
Jan 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-0500 CRITICAL
SAP Wily Introscope Enterprise Manager - Unauthenticated OS Command Injection via Malicious JNLP File
Jan 13, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-0498 CRITICAL
SAP S/4HANA - Authenticated ABAP Code and OS Command Injection via RFC Function Module
Jan 13, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-0492 HIGH
SAP HANA Database - Privilege Escalation via User Switching
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-42894 MEDIUM
SAP Business Connector - Authenticated Path Traversal and Arbitrary File Write
Nov 11, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-42893 MEDIUM
SAP Business Connector - Unauthenticated Open Redirect via Malicious URL
Nov 11, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42892 MEDIUM
SAP Business Connector - Authenticated OS Command Injection via Crafted Content Upload
Nov 11, 2025
CVSS 6.8
EPSS 0.01
CVE-2025-42886 MEDIUM
SAP Business Connector - Reflected Cross-Site Scripting via Malicious Link
Nov 11, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-42926 MEDIUM
SAP NetWeaver Application Server Java - Unauthenticated Sensitive Information Exposure via Internal File Access
Sep 09, 2025
CVSS 5.3
EPSS 0.00