CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44757
4.7 MEDIUM

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected …

Jun 9, 2026
CVE-2026-44755
4.3 MEDIUM

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has …

Jun 9, 2026
CVE-2026-44754
6.6 MEDIUM

The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are …

Jun 9, 2026
CVE-2026-44751
7.1 HIGH

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite …

Jun 9, 2026
CVE-2026-44750
4.3 MEDIUM

SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions …

Jun 9, 2026
CVE-2026-44748
9.9 CRITICAL

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed …

Jun 9, 2026
CVE-2026-44746
6.1 MEDIUM

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a …

Jun 9, 2026
CVE-2026-44744
6.5 MEDIUM

SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database …

Jun 9, 2026
CVE-2026-44743
3.7 LOW

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the …

Jun 9, 2026
CVE-2026-40128
9.0 CRITICAL

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path …

Jun 9, 2026
CVE-2026-27671
9.8 CRITICAL

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker …

Jun 9, 2026
CVE-2026-24315
4.2 MEDIUM

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could …

Jun 9, 2026
CVE-2026-11701
5.4 MEDIUM

Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium …

Jun 9, 2026
CVE-2026-11700
8.3 HIGH

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 9, 2026
CVE-2026-11699
8.8 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11698
8.8 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11697
9.6 CRITICAL

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 9, 2026
CVE-2026-11696
5.3 MEDIUM

Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially …

Jun 9, 2026
CVE-2026-11695
4.3 MEDIUM

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security …

Jun 9, 2026
CVE-2026-11694
7.5 HIGH

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

Jun 9, 2026
CVE-2026-11693
8.1 HIGH

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

Jun 9, 2026
CVE-2026-11692
8.3 HIGH

Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11691
3.1 LOW

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process …

Jun 9, 2026
CVE-2026-11690
7.5 HIGH

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer …

Jun 9, 2026
CVE-2026-11689
8.1 HIGH

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation …

Jun 9, 2026
CVE-2026-11688
8.8 HIGH

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 9, 2026
CVE-2026-11687
8.8 HIGH

Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11686
3.1 LOW

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process …

Jun 9, 2026
CVE-2026-11685
4.3 MEDIUM

Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. …

Jun 9, 2026
CVE-2026-11684
3.1 LOW

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data …

Jun 9, 2026
CVE-2026-11683
8.8 HIGH

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11682
8.3 HIGH

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11681
8.8 HIGH

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11680
8.8 HIGH

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Jun 9, 2026
CVE-2026-11679
8.3 HIGH

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11678
5.3 MEDIUM

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information …

Jun 9, 2026
CVE-2026-11677
8.3 HIGH

Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a …

Jun 9, 2026
CVE-2026-11676
8.3 HIGH

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the …

Jun 9, 2026
CVE-2026-11675
3.1 LOW

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin …

Jun 9, 2026
CVE-2026-11674
8.8 HIGH

Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

Jun 9, 2026
CVE-2026-11673
8.8 HIGH

Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11672
8.3 HIGH

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11671
9.6 CRITICAL

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jun 9, 2026
CVE-2026-11670
8.8 HIGH

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11669
5.3 MEDIUM

Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to …

Jun 9, 2026
CVE-2026-11668
4.3 MEDIUM

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video …

Jun 9, 2026
CVE-2026-11667
7.5 HIGH

Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit …

Jun 9, 2026
CVE-2026-11666
5.4 MEDIUM

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML …

Jun 9, 2026
CVE-2026-11665
4.3 MEDIUM

Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted …

Jun 9, 2026
CVE-2026-11664
8.8 HIGH

Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.