Export limit exceeded: 357223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357223 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44744 | 1 Sap | 1 S/4hana | 2026-06-09 | 6.5 Medium |
| SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access to. The vulnerability has a high impact on the confidentiality of the data with no impact on the integrity and availability of the application. | ||||
| CVE-2026-44743 | 1 Sap | 1 Business Objects | 2026-06-09 | 3.7 Low |
| Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application. | ||||
| CVE-2026-40128 | 1 Sap | 1 Sap Netweaver Application Server Java | 2026-06-09 | 9 Critical |
| SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable. | ||||
| CVE-2026-24315 | 1 Sap | 1 Fiori Launchpad | 2026-06-09 | 4.2 Medium |
| SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system causing low impact on Confidentiality and Integrity. Availability of the system is no impacted. | ||||
| CVE-2026-46484 | 1 Tale | 1 Headplane | 2026-06-09 | 8.1 High |
| Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3. | ||||
| CVE-2026-44083 | 1 Qnap Systems | 1 Qumagie | 2026-06-09 | N/A |
| An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later | ||||
| CVE-2026-41983 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 4.3 Medium |
| DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41985 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.1 Medium |
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2026-41986 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 2.4 Low |
| Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-27671 | 1 Sap Se | 1 Sap Netweaver And Abap Platform | 2026-06-09 | 9.8 Critical |
| Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2026-41973 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 5.9 Medium |
| Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-44748 | 1 Sap Se | 1 Sap Netweaver And Abap Platform | 2026-06-09 | 9.9 Critical |
| SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2026-41984 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.2 Medium |
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2026-11607 | 1 Typo3 | 1 Typo3 | 2026-06-09 | N/A |
| Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to escalate privileges by creating administrative backend user accounts. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| CVE-2026-41976 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 6.6 Medium |
| Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41977 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 5 Medium |
| DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41981 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.3 Medium |
| Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41974 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 3.6 Low |
| Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-44541 | 1 Ethyca | 1 Fides | 2026-06-09 | N/A |
| Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5. | ||||
| CVE-2026-28262 | 1 Dell | 1 Idrac Tools | 2026-06-09 | 6 Medium |
| Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | ||||