CVE-2026-0499 — SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's brows — CVE Database · The Intelligence Room