Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2076 1 Sap 1 Businessobjects Edge 2025-04-12 N/A
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
CVE-2014-4160 1 Sap 1 Netweaver Business Client 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
CVE-2015-2075 1 Sap 1 Businessobjects Edge 2025-04-12 N/A
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
CVE-2015-2072 1 Sap 1 Hana 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.
CVE-2015-1312 1 Sap 1 Enterprise Resource Planning 2025-04-12 N/A
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2015-1311 1 Sap 1 Hana Extended Application Services 2025-04-12 N/A
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2015-1309 1 Sap 1 Netweaver Abap 2025-04-12 N/A
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
CVE-2014-9595 1 Sap 1 Sap Kernel 2025-04-12 N/A
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
CVE-2014-9594 1 Sap 1 Sap Kernel 2025-04-12 N/A
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
CVE-2014-9569 1 Sap 1 Netweaver Business Client For Html 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
CVE-2014-9387 1 Sap 1 Businessobjects 2025-04-12 N/A
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
CVE-2014-9264 1 Sap 1 Sql Anywhere 2025-04-12 N/A
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
CVE-2014-8669 1 Sap 1 Customer Relationship Management 2025-04-12 N/A
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-8668 1 Sap 1 Contract Accounting 2025-04-12 N/A
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8667 1 Sap 1 Hana Web-based Development Workbench 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8666 1 Sap 1 Business Intelligence Development Workbench 2025-04-12 N/A
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors.
CVE-2014-8665 1 Sap 1 Business Intelligence Development Workbench 2025-04-12 N/A
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.
CVE-2014-8664 1 Sap 1 Environment Health And Safety 2025-04-12 N/A
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8663 1 Sap 1 Netweaver Business Warehouse 2025-04-12 N/A
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8662 1 Sap 1 Payroll Process 2025-04-12 N/A
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling.