Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-01-22
CVE-2026-0498 - SAP S/4HANA (Private Cloud and On-Premise) Plugin
SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
PLUGIN
SAP S/4HANA (Private Cloud and On-Premise)
CVE-2026-0498
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0503 - SAP ERP Central Component and SAP S/4HANA (SAP EHS Management) Plugin
Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.
PLUGIN
SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)
CVE-2026-0503
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0499 - SAP NetWeaver Enterprise Portal Plugin
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
PLUGIN
SAP NetWeaver Enterprise Portal
CVE-2026-0499
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0497 - Business Server Pages Application (Product Designer Web UI) Plugin
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application.
PLUGIN
Business Server Pages Application (Product Designer Web UI)
CVE-2026-0497
Risk Score
Threat Entry
Updated 2026-01-27
CVE-2026-0492 - SAP HANA database Plugin
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability.
PLUGIN
SAP HANA database
CVE-2026-0492
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0496 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file (including script files) without proper file format validation. This has low impact on confidentiality, integrity and availability of the application.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0496
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0495 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0495
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0494 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0494
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0493 - SAP Fiori App (Intercompany Balance Reconciliation) Plugin
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on behalf of an authenticated user causing low impact on integrity of the system. This has no impact on confidentiality and availability.
PLUGIN
SAP Fiori App (Intercompany Balance Reconciliation)
CVE-2026-0493
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-0491 - SAP Landscape Transformation Plugin
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
PLUGIN
SAP Landscape Transformation
CVE-2026-0491
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22813 - Opencode Plugin
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response for a chat session gets JavaScript execution on the http://localhost:4096 origin. This vulnerability is fixed in 1.1.10.
PLUGIN
Opencode
CVE-2026-22813
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22812 - Opencode Plugin
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
PLUGIN
Opencode
CVE-2026-22812
Risk Score
Threat Entry
Updated 2026-01-16
CVE-2026-22804 - Termix Plugin
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0.
PLUGIN
Termix
CVE-2026-22804
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-22805 - Metabase Plugin
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1.
PLUGIN
Metabase
CVE-2026-22805
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22801 - Libpng Plugin
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
PLUGIN
Libpng
CVE-2026-22801
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22214 - RIOT OS Plugin
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This…
PLUGIN
RIOT OS
CVE-2026-22214
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22695 - Libpng Plugin
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
PLUGIN
Libpng
CVE-2026-22695
Risk Score
Threat Entry
Updated 2026-01-13
CVE-2026-22212 - TinyOS Plugin
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes.
PLUGIN
TinyOS
CVE-2026-22212
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22800 - PILOS Plugin
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs a destructive action but is exposed via an HTTP GET request. Although proper authorization checks are enforced and the endpoint cannot be triggered cross-site, the use of GET allows the action to be implicitly invoked through same-site content (e.g. embedded resources rendered within the application). As a result, an authenticated…
PLUGIN
PILOS
CVE-2026-22800
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22213 - RIOT OS Plugin
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.
PLUGIN
RIOT OS
CVE-2026-22213
Risk Score