VUMETRIC
CYBER PORTAL
Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-11 | CVE-2025-26660 | SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. | network, low complexity, CWE-639, 4.3 |
| 2025-03-11 | CVE-2025-26661 | Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. | network, low complexity, CWE-862, 8.8 |
| 2025-03-11 | CVE-2025-27430 | Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. | network, high complexity, CWE-918, 3.5 |
| 2025-03-11 | CVE-2025-27431 | User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). | network, low complexity, CWE-79, 5.4 |
| 2025-03-11 | CVE-2025-27432 | The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. | low complexity, CWE-862, 2.4 |
| 2025-03-11 | CVE-2025-27433 | The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. | network, low complexity, CWE-639, 4.3 |
| 2025-03-11 | CVE-2025-27434 | Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. | network, low complexity, CWE-79, 8.8 |
| 2025-03-11 | CVE-2025-27436 | The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. | network, low complexity, CWE-639, 4.3 |
| 2025-03-10 | CVE-2024-44192 | Unspecified vulnerability in Apple products. The issue was addressed with improved checks. | local, low complexity, apple, 5.5 |
| 2025-03-10 | CVE-2024-44227 | Resource Exhaustion vulnerability in Apple macOS. The issue was addressed with improved memory handling. | network, low complexity, apple, CWE-400, 7.5 |