Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploita
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthen
SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges ca
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity
SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to
SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploita
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could r
User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored an
CVE-2026-40128
CRITICAL CVSS 9.0
Find Similar
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local acce
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function mod
CVE-2025-42922
CRITICAL CVSS 9.9
Find Similar
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compro
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integri
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If proce
SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This lea
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated u
SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated
Page 1+ Next →