Live feed from NVD & CISA

Security Vulnerability Database: CVE Intelligence

CVE data from NVD, enriched with KEV data from CISA and an Arabic translation. Content is based on official sources only.

Showing page 18 of 27 (1330 vulnerabilities)
| CVE ID | Severity | CVSS | KEV exploited? | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2302 | Medium | 6.9 | No | 2026-02-10 | Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing a… |
| CVE-2026-26009 | Critical | 9.9 | No | 2026-02-10 | Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in… |
| CVE-2026-25613 | High | 7.1 | No | 2026-02-10 | An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index. |
| CVE-2026-25610 | High | 7.1 | No | 2026-02-10 | An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints. |
| CVE-2026-25609 | Medium | 5.3 | No | 2026-02-10 | Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. |
| CVE-2026-25506 | High | 7.7 | No | 2026-02-10 | MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer ov… |
| CVE-2026-21355 | Medium | 5.5 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker… |
| CVE-2026-21354 | Medium | 5.5 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application deni… |
| CVE-2026-21353 | High | 7.8 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code… |
| CVE-2026-21352 | High | 7.8 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution … |
| CVE-2026-21347 | High | 7.8 | No | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary c… |
| CVE-2026-21346 | High | 7.8 | No | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code executi… |
| CVE-2026-21345 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which coul… |
| CVE-2026-21344 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which coul… |
| CVE-2026-21343 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which coul… |
| CVE-2026-21342 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code ex… |
| CVE-2026-21341 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code ex… |
| CVE-2026-1850 | High | 7.1 | No | 2026-02-10 | Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. |
| CVE-2026-1849 | High | 7.1 | No | 2026-02-10 | MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises … |
| CVE-2026-1848 | High | 8.2 | No | 2026-02-10 | Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number … |
| CVE-2026-1847 | High | 7.1 | No | 2026-02-10 | Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the prima… |
| CVE-2026-26003 | Medium | 6.9 | No | 2026-02-10 | FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin… |
| CVE-2026-25993 | Critical | 9.3 | No | 2026-02-10 | EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / reques… |
| CVE-2026-25992 | High | 7.5 | No | 2026-02-10 | SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks… |
| CVE-2026-25956 | Medium | 6.1 | No | 2026-02-10 | Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frapp… |
| CVE-2026-25950 | N/A | | No | 2026-02-10 | Rejected reason: Further research determined the issue is not a vulnerability. |
| CVE-2026-25947 | High | 8.8 | No | 2026-02-10 | Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL quer… |
| CVE-2026-25805 | Medium | 6.4 | No | 2026-02-10 | Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowa… |
| CVE-2026-25728 | Critical | 9.3 | No | 2026-02-10 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulner… |
| CVE-2026-25646 | High | 8.3 | No | 2026-02-10 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files.… |
| CVE-2026-25612 | High | 7.1 | No | 2026-02-10 | The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Colle… |
| CVE-2026-25611 | High | 8.7 | No | 2026-02-10 | A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. |
| CVE-2026-25577 | High | 7.5 | No | 2026-02-10 | Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Requ… |
| CVE-2026-24045 | High | 7.3 | No | 2026-02-10 | Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docm… |
| CVE-2026-23655 | Medium | 6.5 | No | 2026-02-10 | Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. |
| CVE-2026-21537 | High | 8.8 | No | 2026-02-10 | Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code o… |
| CVE-2026-21533 | High | 7.8 | Yes | 2026-02-10 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21531 | Critical | 9.8 | No | 2026-02-10 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. |
| CVE-2026-21529 | Medium | 5.7 | No | 2026-02-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to p… |
| CVE-2026-21528 | Medium | 6.5 | No | 2026-02-10 | Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-21527 | Medium | 6.5 | No | 2026-02-10 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoof… |
| CVE-2026-21525 | Medium | 6.2 | Yes | 2026-02-10 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. |
| CVE-2026-21523 | High | 8.0 | No | 2026-02-10 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a … |
| CVE-2026-21522 | Medium | 6.7 | No | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker … |
| CVE-2026-21519 | High | 7.8 | Yes | 2026-02-10 | Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges… |
| CVE-2026-21518 | Medium | 6.5 | No | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unau… |
| CVE-2026-21517 | Medium | 4.7 | No | 2026-02-10 | Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges l… |
| CVE-2026-21516 | High | 8.8 | No | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to ex… |
| CVE-2026-21514 | High | 7.8 | Yes | 2026-02-10 | Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature l… |
| CVE-2026-21513 | High | 8.8 | Yes | 2026-02-10 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. |