Vulnerabilities
CVE data from NVD, enriched with CISA KEV and an Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-1671 | Medium | 6.5 | No | 2026-02-12 | The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capab… |
| CVE-2026-1316 | High | 7.2 | No | 2026-02-12 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[]… |
| CVE-2026-2276 | Medium | 5.3 | No | 2026-02-12 | Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint ' https://manage.wix.… |
| CVE-2025-15575 | Medium | 5.3 | No | 2026-02-12 | The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows a… |
| CVE-2025-15574 | Medium | 6.5 | No | 2026-02-12 | When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character str… |
| CVE-2025-15573 | Critical | 9.4 | No | 2026-02-12 | The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in t… |
| CVE-2026-1356 | Medium | 4.8 | No | 2026-02-12 | The Converter for Media – Optimize images \| Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Reque… |
| CVE-2026-21722 | Medium | 5.3 | No | 2026-02-12 | Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the publ… |
| CVE-2025-41117 | Medium | 6.8 | No | 2026-02-12 | Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the … |
| CVE-2025-15577 | High | 8.7 | No | 2026-02-12 | An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access. Th… |
| CVE-2026-2327 | Medium | 5.5 | No | 2026-02-12 | Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Servic… |
| CVE-2025-14892 | Critical | 9.8 | No | 2026-02-12 | The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having … |
| CVE-2026-2391 | Medium | 6.3 | No | 2026-02-12 | The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enab… |
| CVE-2026-26092 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-26091 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-26090 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-26089 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-26088 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-26087 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-26086 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-26085 | N/A | - | No | 2026-02-12 | Rejected reason: Not used |
| CVE-2026-25676 | High | 7.1 | No | 2026-02-12 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely … |
| CVE-2026-26235 | High | 8.7 | No | 2026-02-12 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to rem… |
| CVE-2026-26234 | High | 8.7 | No | 2026-02-12 | JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attack… |
| CVE-2026-1537 | Medium | 5.3 | No | 2026-02-12 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized … |
| CVE-2026-23857 | High | 8.2 | No | 2026-02-12 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient … |
| CVE-2026-23856 | High | 7.8 | No | 2026-02-12 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, … |
| CVE-2026-0969 | High | 8.8 | No | 2026-02-12 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insuffic… |
| CVE-2026-1729 | Critical | 9.8 | No | 2026-02-12 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. T… |
| CVE-2026-26215 | Critical | 9.3 | No | 2026-02-12 | manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability t… |
| CVE-2026-20700 | High | 7.8 | Yes (KEV) | 2026-02-12 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3,… |
| CVE-2026-20682 | Medium | 5.3 | No | 2026-02-12 | A logic issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5… |
| CVE-2026-20681 | Low | 3.3 | No | 2026-02-12 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe … |
| CVE-2026-20680 | Medium | 6.5 | No | 2026-02-12 | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS T… |
| CVE-2026-20678 | Medium | 5.5 | No | 2026-02-12 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, i… |
| CVE-2026-20677 | Critical | 9.0 | No | 2026-02-12 | A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS… |
| CVE-2026-20676 | Medium | 5.3 | No | 2026-02-12 | This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.… |
| CVE-2026-20675 | Medium | 5.5 | No | 2026-02-12 | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, … |
| CVE-2026-20674 | Medium | 4.6 | No | 2026-02-12 | A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker … |
| CVE-2026-20673 | Medium | 5.3 | No | 2026-02-12 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18… |
| CVE-2026-20671 | Low | 3.1 | No | 2026-02-12 | A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, mac… |
| CVE-2026-20669 | Medium | 5.5 | No | 2026-02-12 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in … |
| CVE-2026-20667 | High | 8.8 | No | 2026-02-12 | A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 1… |
| CVE-2026-20666 | Medium | 5.5 | No | 2026-02-12 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app ma… |
| CVE-2026-20663 | Low | 3.3 | No | 2026-02-12 | The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18… |
| CVE-2026-20662 | Medium | 4.6 | No | 2026-02-12 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS… |
| CVE-2026-20661 | Medium | 4.6 | No | 2026-02-12 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, i… |
| CVE-2026-20660 | High | 7.5 | No | 2026-02-12 | A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, … |
| CVE-2026-20658 | High | 7.8 | No | 2026-02-12 | A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. A… |
| CVE-2026-20656 | Low | 3.3 | No | 2026-02-12 | A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3,… |