Onapsis Research Labs
onapsis · B · candidate
SAP-security specialist research lab; authoritative public transcription of the monthly SAP Security Patch Day (per-CVE CVSS/CWE/SAP-Note detail behind SAP's login-gated notes). Added as candidate 2026-07-14 after serving as the primary for the July 2026 SAP Patch Day entry (CVE-2026-44747/-27690/-44761). FETCH -> webfetch https://onapsis.com/blog/sap-security-patch-day-<month>-<year>/ on SAP patch days.
Cited in 6 entries
Citation cadence
Citation days per ISO week (10 weeks of coverage span, total 4).
- SAP July 2026 Security Patch Day: three CVSS ≥9.1 flaws in NetWeaver AS ABAP, Approuter and Commerce Cloud — two reachable without authentication2026-07-14
- CVE-2026-44748 — SAP NetWeaver AS ABAP: SAML XML Signature Wrapping (CVSS 9.9)2026-06-14
- CVE-2026-47344 et al. — TYPO3 core June release: 13 CVEs across every supported branch (10.4 ELTS → 14.3 LTS)2026-06-10
- CVE-2026-44748 — SAP June Patch Day: SAML XML Signature Wrapping in NetWeaver AS ABAP (CVSS 9.9) plus an unauth RFC kernel memory-corruption (CVSS 9.8)2026-06-10
- CVE-2026-34263 / CVE-2026-34260 — SAP Commerce Cloud pre-auth RCE, S/4HANA Enterprise Search SQL injection2026-05-13
- CERTFR-2026-AVI-0572 — Centreon Infra Monitoring: RCE / SQLi / XSS cluster (April 2026 bulletin)2026-05-13