Security Vulnerabilities
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-02-10
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.
CVSS Score
9.9
EPSS Score
0.0
Published
2026-02-10
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-10
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-10
A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-02-10
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-10
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-02-10
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA version 1.2.11.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-09
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10,
an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This has been patched in FUXA version 1.2.11.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-02-09