6.3
CVE-2026-39421 - MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based โฆ
6.3
CVE-2026-39420 - MaxKB: Sandbox escape via LD_PRELOAD bypass
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop tโฆ
6.5
CVE-2026-34264 - Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information cauโฆ
5
CVE-2026-34262 - Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
6.5
CVE-2026-34261 - Missing Authorization check in SAP Business Analytics and SAP Content Management
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentialitโฆ
5
CVE-2026-39418 - MaxKB: SSRF via sandbox network hook bypass
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by thโฆ
6.1
CVE-2026-34257 - Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the applicโฆ
7.1
CVE-2026-34256 - Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executedโฆ
4.1
CVE-2026-27683 - Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user๏ฟฝs browser, potentially exposing restricted information. This results in a low impact oโฆ
9.9
CVE-2026-27681 - SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the โฆ