Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially e…
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromis…
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially c…
Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operatio…
Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact o…
Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unaut…
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi…
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe…
Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to hi…
SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applica…
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbi…
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicki…
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that …
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This ha…
A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's…
DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a craf…
A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account.
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate …