NVD CVEs — 本日公開 (26 件)
CVE-2026-8346 6.3 MEDIUM
A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVE-2026-8349 4.3 MEDIUM
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c
CVE-2026-45321 9.6 CRITICAL
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself wa
CVE-2026-45362 3.2 LOW
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
CVE-2026-45391
Reserved. Details will be published at disclosure.
CVE-2026-45392
Reserved. Details will be published at disclosure.
CVE-2026-45393
Reserved. Details will be published at disclosure.
CVE-2026-0502 5.4 MEDIUM
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality
CVE-2026-27682 4.7 MEDIUM
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the i
CVE-2026-34258 4.7 MEDIUM
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low
GitHub Security Advisories — 本日公開 (20 件)
GHSA-qx93-pqj3-crqc
MEDIUM
SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft...
GHSA-296w-48hc-3xvf
MEDIUM
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by...
GHSA-vxmw-hcjw-h6q2
MEDIUM
Due to insufficient authorization checks in the SAP Incentive and Commission Management...
GHSA-gqmf-q62p-q4q6
MEDIUM
Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated...
GHSA-j2qh-793j-f8hc
MEDIUM
Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in...
GHSA-75qg-6cmg-3h9p
LOW
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically...
GHSA-wxxf-gjw8-32x8
CRITICAL
Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user...
GHSA-f762-3chp-r6jr
MEDIUM
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP...
GHSA-8w5g-hw8f-fqqg
MEDIUM
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and...
GHSA-cqhw-vpw6-ww5x
HIGH
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated...