By weakness (CWE)
CWE-35: related vulnerabilities
CVEs classified under CWE-35. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-24315MEDIUM 4.2
SAP Fiori Launchpad contains a URL-crafting vulnerability that allows attackers to trigger unauthorized service calls within the Fiori application domain. When a user clicks a malicious link, the attacker can potentially steal credentials or compromise the user's account. The attack requires the attacker to have detailed knowledge of the system and depends on user interaction—the vulnerability cannot be exploited remotely without a victim opening the malicious URL.