Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-42957
CRITICAL CVSS 9.9
Find Similar
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing
CVE-2025-27429
CRITICAL CVSS 9.9
Find Similar
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing
SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP
CVE-2026-34260
CRITICAL CVSS 9.6
Find Similar
SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applicat
CVE-2026-0491
CRITICAL CVSS 9.1
Find Similar
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS comma
SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized data
Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign
CVE-2026-0488
CRITICAL CVSS 9.9
Find Similar
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the abi
Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to
Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct upda
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parame
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restrict
The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerabilit
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker
SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the a
CVE-2025-42950
CRITICAL CVSS 9.9
Find Similar
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int
CVE-2025-31330
CRITICAL CVSS 9.9
Find Similar
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system.
Page 1+ Next →