Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted req
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be public
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker
Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause ser
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed b
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to t
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other user
CVE-2025-42950
CRITICAL CVSS 9.9
Find Similar
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int
CVE-2025-31330
CRITICAL CVSS 9.9
Find Similar
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restrict
Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no
Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behav
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser w
Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercep
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authen
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing
SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing