Live feed from NVD & CISA

CVE Intelligence Vulnerability Database

CVE data from NVD, enriched with CISA KEV data and an Arabic translation. Content is based on official sources only.

Showing page 22 of 27 (1330 vulnerabilities)
| CVE ID | Severity | CVSS | KEV exploited? | Publication date | Summary |
|---|---|---|---|---|---|
| CVE-2025-14895 | Medium | 5.4 | No | 2026-02-10 | The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plu… |
| CVE-2024-52334 | Medium | 6.3 | No | 2026-02-10 | A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwor… |
| CVE-2025-11242 | Critical | 9.8 | No | 2026-02-10 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows… |
| CVE-2026-1722 | Medium | 5.3 | No | 2026-02-10 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in al… |
| CVE-2026-2099 | Medium | 5.1 | No | 2026-02-10 | AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persiste… |
| CVE-2026-2098 | Medium | 5.1 | No | 2026-02-10 | AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute ar… |
| CVE-2026-2097 | High | 8.7 | No | 2026-02-10 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute w… |
| CVE-2026-2096 | Critical | 9.3 | No | 2026-02-10 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and … |
| CVE-2026-2095 | Critical | 9.3 | No | 2026-02-10 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific… |
| CVE-2026-2094 | High | 8.7 | No | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands … |
| CVE-2026-2093 | High | 8.7 | No | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command… |
| CVE-2025-12063 | Medium | 5.7 | No | 2026-02-10 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permis… |
| CVE-2026-0996 | Medium | 6.4 | No | 2026-02-10 | The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, an… |
| CVE-2025-13064 | Medium | 4.5 | No | 2026-02-10 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by… |
| CVE-2025-12757 | Medium | 4.6 | No | 2026-02-10 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. |
| CVE-2025-11547 | High | 7.8 | No | 2026-02-10 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. |
| CVE-2025-11142 | High | 7.1 | No | 2026-02-10 | The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can on… |
| CVE-2026-25981 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25980 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25979 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25978 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25977 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25976 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25975 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25974 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25973 | N/A | | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-2260 | High | 7.3 | No | 2026-02-10 | A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation o… |
| CVE-2026-2259 | Medium | 4.8 | No | 2026-02-10 | A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements i… |
| CVE-2026-24328 | Medium | 6.1 | No | 2026-02-10 | SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, r… |
| CVE-2026-24327 | Medium | 4.3 | No | 2026-02-10 | Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated a… |
| CVE-2026-24326 | Medium | 4.3 | No | 2026-02-10 | Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges… |
| CVE-2026-24325 | Medium | 4.8 | No | 2026-02-10 | SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerabil… |
| CVE-2026-24324 | Medium | 6.5 | No | 2026-02-10 | SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific… |
| CVE-2026-24323 | Medium | 6.1 | No | 2026-02-10 | The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not suffi… |
| CVE-2026-24322 | High | 7.7 | No | 2026-02-10 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated us… |
| CVE-2026-24321 | Medium | 5.3 | No | 2026-02-10 | SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to ret… |
| CVE-2026-24320 | Low | 3.1 | No | 2026-02-10 | Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit log… |
| CVE-2026-24319 | Medium | 5.8 | No | 2026-02-10 | In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaining access to this in… |
| CVE-2026-24312 | Medium | 5.2 | No | 2026-02-10 | An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass ro… |
| CVE-2026-23689 | High | 7.7 | No | 2026-02-10 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and n… |
| CVE-2026-23688 | Medium | 4.3 | No | 2026-02-10 | SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalatio… |
| CVE-2026-23687 | High | 8.8 | No | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed me… |
| CVE-2026-23686 | Low | 3.4 | No | 2026-02-10 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could … |
| CVE-2026-23685 | Medium | 4.4 | No | 2026-02-10 | Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access coul… |
| CVE-2026-23684 | Medium | 5.9 | No | 2026-02-10 | A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in… |
| CVE-2026-23681 | Medium | 4.3 | No | 2026-02-10 | Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific funct… |
| CVE-2026-0509 | Critical | 9.6 | No | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function … |
| CVE-2026-0508 | High | 7.3 | No | 2026-02-10 | The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within… |
| CVE-2026-0505 | Medium | 6.1 | No | 2026-02-10 | The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This c… |
| CVE-2026-0490 | High | 7.5 | No | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks … |