CVE-2021-40500

Same vendor

• CVE-2026-27680 — Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascad... (3.1 LOW)
• CVE-2026-40135 — An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authentica... (6.5 MEDIUM)
• CVE-2026-27682 — Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Serv... (4.7 MEDIUM)
• CVE-2026-34257 — Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL tha... (6.1 MEDIUM)
• CVE-2026-27674 — Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could suppl... (6.1 MEDIUM)

Same CWE

• CVE-2026-49875 — Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening c... (9.8 CRITICAL)
• CVE-2026-40998 — Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled X... (8.2 HIGH)
• CVE-2026-40991 — When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who comp... (5.9 MEDIUM)
• CVE-2026-47960 — ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerab... (7.4 HIGH)
• CVE-2026-8045 — CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side...