Live feed from NVD & CISA

CVE Intelligence Vulnerability Database

CVE data from NVD, enriched with CISA KEV data and translated into Arabic. Content is based on official sources only.

Showing page 25 of 27 (1330 vulnerabilities)
| CVE ID | Severity | CVSS | KEV exploited? | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-14831 | Medium | 5.3 | No | 2026-02-09 | A flaw was found in GnuTLS. This vulnerability allows a denial-of-service (DoS) attack through excessive CPU and memory consumption via certificates … |
| CVE-2025-10465 | High | 8.8 | No | 2026-02-09 | Unrestricted upload of file with dangerous type vulnerability in the Sensaway product from Birtech Information Technologies Industry and Trade Ltd. Co. allows… |
| CVE-2025-10464 | Medium | 6.5 | No | 2026-02-09 | Insecure storage of sensitive information vulnerability in the Senseway software from Birtech Information Technologies Industry and Trade Ltd. Co. allows retrieval of … |
| CVE-2026-1960 | Medium | 5.1 | No | 2026-02-09 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Loggro Pymes, via the 'Facebook' parameter in the endpoint '… |
| CVE-2026-1959 | Medium | 5.1 | No | 2026-02-09 | A stored cross-site scripting (Stored XSS) vulnerability was discovered in Loggro Pymes, via the "descripción" parameter in the endpoint "/loggrodemo/j… |
| CVE-2026-0632 | Medium | 5.4 | No | 2026-02-09 | The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.… |
| CVE-2025-7708 | Medium | 6.8 | No | 2026-02-09 | Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication… |
| CVE-2025-6830 | Critical | 9.8 | No | 2026-02-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology … |
| CVE-2025-10463 | High | 7.3 | No | 2026-02-09 | Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.… |
| CVE-2026-25848 | Critical | 9.1 | No | 2026-02-09 | In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible |
| CVE-2026-25847 | High | 8.2 | No | 2026-02-09 | In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible |
| CVE-2026-25846 | Medium | 6.5 | No | 2026-02-09 | In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs |
| CVE-2026-24098 | Medium | 6.5 | No | 2026-02-09 | Apache Airflow versions before 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to … |
| CVE-2026-22922 | Medium | 6.5 | No | 2026-02-09 | Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limi… |
| CVE-2026-2227 | Medium | 5.1 | No | 2026-02-09 | A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a mani… |
| CVE-2026-2226 | Medium | 5.1 | No | 2026-02-09 | A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component… |
| CVE-2026-23903 | Medium | 5.3 | No | 2026-02-09 | Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended… |
| CVE-2026-2225 | Medium | 6.9 | No | 2026-02-09 | A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the … |
| CVE-2026-2224 | Medium | 5.1 | No | 2026-02-09 | A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/ma… |
| CVE-2026-25916 | Medium | 4.3 | No | 2026-02-09 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. |
| CVE-2026-25905 | Medium | 5.8 | No | 2026-02-09 | The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use … |
| CVE-2026-25904 | Medium | 5.8 | No | 2026-02-09 | The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python c… |
| CVE-2025-7799 | High | 8.6 | No | 2026-02-09 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies… |
| CVE-2026-2236 | High | 8.7 | No | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to… |
| CVE-2026-2235 | High | 7.1 | No | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to r… |
| CVE-2026-2234 | Critical | 9.3 | No | 2026-02-09 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any use… |
| CVE-2026-2223 | Medium | 6.9 | No | 2026-02-09 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionalit… |
| CVE-2026-2222 | Medium | 4.8 | No | 2026-02-09 | A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of t… |
| CVE-2026-22906 | Critical | 9.8 | No | 2026-02-09 | User credentials are stored using AES-ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration f… |
| CVE-2026-22905 | High | 7.5 | No | 2026-02-09 | An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (… |
| CVE-2026-22904 | Critical | 9.8 | No | 2026-02-09 | Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversize… |
| CVE-2026-22903 | Critical | 9.8 | No | 2026-02-09 | An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buf… |
| CVE-2026-2221 | Medium | 6.9 | No | 2026-02-09 | A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.p… |
| CVE-2026-2220 | Medium | 6.9 | No | 2026-02-09 | A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/adm… |
| CVE-2026-24466 | High | 8.4 | No | 2026-02-09 | Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows servic… |
| CVE-2026-1868 | Critical | 9.9 | No | 2026-02-09 | GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway f… |
| CVE-2026-0870 | High | 8.5 | No | 2026-02-09 | MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applicati… |
| CVE-2026-2218 | Medium | 5.3 | No | 2026-02-09 | A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the compon… |
| CVE-2026-2217 | Medium | 6.9 | No | 2026-02-09 | A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manag… |
| CVE-2026-2216 | Medium | 5.3 | No | 2026-02-09 | A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Exe… |
| CVE-2026-22613 | Medium | 5.7 | No | 2026-02-09 | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an atta… |
| CVE-2026-2215 | Medium | 6.3 | No | 2026-02-09 | A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py o… |
| CVE-2026-2214 | Medium | 4.8 | No | 2026-02-09 | A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.p… |
| CVE-2026-2213 | Medium | 5.1 | No | 2026-02-09 | A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the fil… |
| CVE-2026-1615 | Critical | 9.2 | No | 2026-02-09 | All versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expression… |
| CVE-2025-66598 | High | 7.1 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potenti… |
| CVE-2025-66597 | High | 8.8 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms… |
| CVE-2025-66596 | Medium | 6.9 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request hea… |
| CVE-2025-66595 | Medium | 6.3 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Fo… |
| CVE-2025-66594 | Medium | 6.9 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. … |