Vulnerabilities
CVE data from NVD, with KEV enrichment from CISA and Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Published | Arabic summary |
|---|---|---|---|---|---|
| CVE-2026-2361 | High | 8.0 | No | 2026-02-11 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary … |
| CVE-2026-2360 | High | 8.0 | No | 2026-02-11 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom ope… |
| CVE-2026-0229 | Medium | 6.6 | No | 2026-02-11 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® softw… |
| CVE-2026-0228 | Low | 1.3 | No | 2026-02-11 | An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to… |
| CVE-2025-70085 | Critical | 9.8 | No | 2026-02-11 | An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprint… |
| CVE-2025-70084 | High | 7.5 | No | 2026-02-11 | Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delet… |
| CVE-2025-70083 | High | 7.8 | No | 2026-02-11 | An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and… |
| CVE-2025-70029 | High | 7.5 | No | 2026-02-11 | An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disab… |
| CVE-2025-69874 | Critical | 9.8 | No | 2026-02-11 | nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers … |
| CVE-2025-65480 | High | 8.8 | No | 2026-02-11 | An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report T… |
| CVE-2025-65128 | Critical | 9.1 | No | 2026-02-11 | A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23… |
| CVE-2026-25084 | Critical | 9.3 | No | 2026-02-11 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs. |
| CVE-2026-24789 | Critical | 9.3 | No | 2026-02-11 | An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. |
| CVE-2025-65127 | High | 7.5 | No | 2026-02-11 | A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remo… |
| CVE-2025-13391 | Medium | 5.8 | No | 2026-02-11 | The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerab… |
| CVE-2026-25869 | Medium | 6.9 | No | 2026-02-11 | MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The ap… |
| CVE-2026-25868 | Medium | 5.1 | No | 2026-02-11 | MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the … |
| CVE-2026-1837 | High | 8.7 | No | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after… |
| CVE-2025-64075 | Critical | 10.0 | No | 2026-02-11 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows… |
| CVE-2025-12474 | Low | 2.3 | No | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This … |
| CVE-2026-2345 | Low | 3.6 | No | 2026-02-11 | Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.ad… |
| CVE-2026-2344 | High | 8.6 | No | 2026-02-11 | A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged us… |
| CVE-2026-2250 | High | 7.5 | No | 2026-02-11 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and ex… |
| CVE-2026-2249 | Critical | 9.8 | No | 2026-02-11 | METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not requ… |
| CVE-2026-2248 | Critical | 9.8 | No | 2026-02-11 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not requ… |
| CVE-2025-61969 | High | 7.0 | No | 2026-02-11 | Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation… |
| CVE-2025-52541 | High | 7.3 | No | 2026-02-11 | A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resul… |
| CVE-2025-48518 | Medium | 6.9 | No | 2026-02-11 | Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resul… |
| CVE-2025-48508 | Medium | 6.0 | No | 2026-02-11 | Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtua… |
| CVE-2025-48503 | High | 7.8 | No | 2026-02-11 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation pot… |
| CVE-2025-12059 | Critical | 9.8 | No | 2026-02-11 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry… |
| CVE-2024-36324 | High | 8.8 | No | 2026-02-11 | Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potenti… |
| CVE-2024-36320 | High | 7.0 | No | 2026-02-11 | Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to… |
| CVE-2024-36316 | Medium | 5.5 | No | 2026-02-11 | The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially… |
| CVE-2023-31324 | High | 7.1 | No | 2026-02-11 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify… |
| CVE-2023-20548 | High | 7.1 | No | 2026-02-11 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrup… |
| CVE-2023-20514 | High | 8.7 | No | 2026-02-11 | Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrar… |
| CVE-2019-25317 | Medium | 5.1 | No | 2026-02-11 | Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into… |
| CVE-2019-25316 | Medium | 5.1 | No | 2026-02-11 | GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject m… |
| CVE-2019-25315 | Medium | 5.1 | No | 2026-02-11 | WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to injec… |
| CVE-2019-25314 | Medium | 4.8 | No | 2026-02-11 | Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings… |
| CVE-2019-25312 | Medium | 5.1 | No | 2026-02-11 | InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticate… |
| CVE-2019-25311 | Medium | 5.1 | No | 2026-02-11 | thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject maliciou… |
| CVE-2019-25310 | High | 8.5 | No | 2026-02-11 | ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that… |
| CVE-2019-25309 | High | 8.5 | No | 2026-02-11 | Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potent… |
| CVE-2019-25308 | High | 8.5 | No | 2026-02-11 | Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration… |
| CVE-2019-25307 | High | 8.5 | No | 2026-02-11 | WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows lo… |
| CVE-2019-25306 | High | 8.5 | No | 2026-02-11 | BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially … |
| CVE-2018-25157 | Medium | 5.1 | No | 2026-02-11 | Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicio… |
| CVE-2026-2337 | High | 8.7 | No | 2026-02-11 | A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf o… |