CVEs from 2026
- Total: 13,682
- Critical: 1,196
- High: 4,383
- Medium: 4,289
- Low: 469
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6566 | medium | 4.3 | 4.3 | 13d ago | The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insuffic… | |||
| CVE-2026-44392 | medium | 4.3 | 4.3 | 13d ago | Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be execute… | |||
| CVE-2026-5075 | medium | 4.3 | 4.3 | 13d ago | The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal o… | |||
| CVE-2026-8610 | medium | 4.3 | 4.3 | 13d ago | The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user… | |||
| CVE-2026-8424 | medium | 4.3 | 4.3 | 13d ago | The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_a… | |||
| CVE-2026-8423 | medium | 4.3 | 4.3 | 13d ago | The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on th… | |||
| CVE-2026-8419 | medium | 4.3 | 4.3 | 13d ago | The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This… | |||
| CVE-2026-8418 | medium | 4.3 | 4.3 | 13d ago | The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() funct… | |||
| CVE-2026-6452 | medium | 4.3 | 4.3 | 13d ago | The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigf… | |||
| CVE-2026-6401 | medium | 4.3 | 4.3 | 13d ago | The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update fo… | |||
| CVE-2026-6400 | medium | 4.3 | 4.3 | 13d ago | The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the opti… | |||
| CVE-2026-45442 | medium | 4.3 | 4.3 | 13d ago | Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.… | |||
| CVE-2026-37981 | medium | 4.3 | 4.3 | 13d ago | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) r… | |||
| CVE-2026-8830 | medium | 4.3 | 4.3 | 14d ago | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side … | |||
| CVE-2026-33514 | medium | 4.3 | 4.3 | 14d ago | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature… | |||
| CVE-2026-32312 | medium | 4.3 | 4.3 | 14d ago | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue… | |||
| CVE-2026-8802 | medium | 4.3 | 4.3 | 14d ago | A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argumen… | |||
| CVE-2026-6343 | medium | 4.3 | 4.3 | 14d ago | Mattermost doesn't check public/private permissions | |||
| CVE-2026-6339 | medium | 4.3 | 4.3 | 14d ago | Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint | |||
| CVE-2026-4286 | medium | 4.3 | 4.3 | 14d ago | Mattermost doesn't check if {{team_id}} was being changed when updating playbooks | |||
| CVE-2026-28732 | medium | 4.3 | 4.3 | 14d ago | Mattermost doesn't enforce slash command trigger-word uniqueness during command updates | |||
| CVE-2026-6342 | medium | 4.3 | 4.3 | 15d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via … | |||
| CVE-2026-6341 | medium | 4.3 | 4.3 | 15d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multip… | |||
| CVE-2026-4273 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation | |||
| CVE-2026-3637 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't check the create_post channel permission during post edit operations | |||
| CVE-2026-28759 | medium | 4.3 | 4.3 | 15d ago | Mattermost does not verify remote cluster channel access when processing shared channel membership removals | |||
| CVE-2026-8783 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8782 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8781 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8780 | medium | 4.3 | 4.3 | 15d ago | AMF Improperly Restricts Operations within the Bounds of a Memory Buffer | |||
| CVE-2026-8779 | medium | 4.3 | 4.3 | 15d ago | AMF Improperly Restricts Operations within the Bounds of a Memory Buffer | |||
| CVE-2026-45009 | medium | 4.3 | 4.3 | 17d ago | phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login statu… | |||
| CVE-2026-45387 | medium | 4.3 | 4.3 | 17d ago | Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage) | |||
| CVE-2026-45385 | medium | 4.3 | 4.3 | 17d ago | Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint | |||
| CVE-2026-44559 | medium | 4.3 | 4.3 | 17d ago | Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels | |||
| CVE-2026-4053 | medium | 4.3 | 4.3 | 17d ago | Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields | |||
| CVE-2026-45007 | medium | 4.3 | 4.3 | 17d ago | phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authentic… | |||
| CVE-2026-8425 | medium | 4.3 | 4.3 | 17d ago | The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the _updateSettin… | |||
| CVE-2026-7563 | medium | 4.3 | 4.3 | 17d ago | The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to t… | |||
| CVE-2026-45386 | medium | 4.3 | 4.3 | 18d ago | Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint | |||
| CVE-2026-8576 | medium | 4.3 | 4.3 | 18d ago | Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-8567 | medium | 4.3 | 4.3 | 18d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-8566 | medium | 4.3 | 4.3 | 18d ago | Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-8563 | medium | 4.3 | 4.3 | 18d ago | Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium se… | |||
| CVE-2026-8562 | medium | 4.3 | 4.3 | 18d ago | Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu… | |||
| CVE-2026-8560 | medium | 4.3 | 4.3 | 18d ago | Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-8559 | medium | 4.3 | 4.3 | 18d ago | Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-8552 | medium | 4.3 | 4.3 | 18d ago | Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-8537 | medium | 4.3 | 4.3 | 18d ago | Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-8528 | medium | 4.3 | 4.3 | 18d ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a … | |||
| CVE-2026-45148 | medium | 4.3 | 4.3 | 18d ago | SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode | |||
| CVE-2026-45147 | medium | 4.3 | 4.3 | 18d ago | SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk | |||
| CVE-2026-44283 | medium | 4.3 | 4.3 | 18d ago | etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ… | |||
| CVE-2026-45448 | medium | 4.3 | 4.3 | 18d ago | CWE-601 URL redirection to untrusted site ('open redirect') | |||
| CVE-2026-44374 | medium | 4.3 | 4.3 | 18d ago | Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi… | |||
| CVE-2026-6575 | medium | 4.3 | 4.3 | 18d ago | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain… | |||
| CVE-2026-6474 | medium | 4.3 | 4.3 | 18d ago | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1… | |||
| CVE-2026-5365 | medium | 4.3 | 4.3 | 19d ago | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() funct… | |||
| CVE-2026-8144 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with projec… | |||
| CVE-2026-6883 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg… | |||
| CVE-2026-6063 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authent… | |||
| CVE-2026-3607 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-3074 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to downlo… | |||
| CVE-2026-3073 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-1338 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with devel… | |||
| CVE-2026-7648 | medium | 4.3 | 4.3 | 19d ago | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. … | |||
| CVE-2026-7525 | medium | 4.3 | 4.3 | 19d ago | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying tha… | |||
| CVE-2026-44919 | medium | 4.3 | 4.3 | 19d ago | OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices | |||
| CVE-2026-44441 | medium | 4.3 | 4.3 | 19d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making… | |||
| CVE-2026-28374 | medium | 4.3 | 4.3 | 19d ago | Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. | |||
| CVE-2026-44458 | medium | 4.3 | 4.3 | 19d ago | Hono has CSS Declaration Injection via Style Object Values in JSX SSR | |||
| CVE-2026-42058 | medium | 4.3 | 4.3 | 19d ago | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technic… | |||
| CVE-2026-4607 | medium | 4.3 | 4.3 | 19d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properl… | |||
| CVE-2026-42961 | medium | 4.3 | 4.3 | 19d ago | ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to… | |||
| CVE-2026-42950 | medium | 4.3 | 4.3 | 19d ago | ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may be… | |||
| CVE-2026-3426 | medium | 4.3 | 4.3 | 19d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all … | |||
| CVE-2026-28917 | medium | 4.3 | 4.3 | 20d ago | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS… | |||
| CVE-2026-28971 | medium | 4.3 | 4.3 | 20d ago | The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download… | |||
| CVE-2026-28901 | medium | 4.3 | 4.3 | 20d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously c… | |||
| CVE-2026-34656 | medium | 4.3 | 4.3 | 20d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature by… | |||
| CVE-2026-5146 | medium | 4.3 | 4.3 | 20d ago | Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session v… | |||
| CVE-2026-42541 | medium | 4.3 | 4.3 | 20d ago | Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call | |||
| CVE-2026-40421 | medium | 4.3 | 4.3 | 20d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-40416 | medium | 4.3 | 4.3 | 20d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-35429 | medium | 4.3 | 4.3 | 20d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-32175 | medium | 4.3 | 4.3 | 20d ago | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to… | |||
| CVE-2026-8407 | medium | 4.3 | 4.3 | 20d ago | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted re… | |||
| CVE-2026-42006 | medium | 4.3 | 4.3 | 20d ago | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op… | |||
| CVE-2026-40020 | medium | 4.3 | 4.3 | 20d ago | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is lim… | |||
| CVE-2026-1934 | medium | 4.3 | 4.3 | 20d ago | The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103. This is due to the s… | |||
| CVE-2026-7616 | medium | 4.3 | 4.3 | 20d ago | The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin… | |||
| CVE-2026-7562 | medium | 4.3 | 4.3 | 20d ago | The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a… | |||
| CVE-2026-7050 | medium | 4.3 | 4.3 | 20d ago | The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf… | |||
| CVE-2026-6932 | medium | 4.3 | 4.3 | 20d ago | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings u… | |||
| CVE-2026-6710 | medium | 4.3 | 4.3 | 20d ago | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the Skysa… | |||
| CVE-2026-6709 | medium | 4.3 | 4.3 | 20d ago | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce… | |||
| CVE-2026-4301 | medium | 4.3 | 4.3 | 20d ago | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler la… | |||
| CVE-2026-40136 | medium | 4.3 | 4.3 | 21d ago | SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromis… | |||
| CVE-2026-40134 | medium | 4.3 | 4.3 | 21d ago | Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operatio… | |||
| CVE-2026-40129 | medium | 4.3 | 4.3 | 21d ago | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe… |