الثغرات / Vulnerabilities
بيانات CVE من NVD مع إثراء KEV من CISA وترجمة عربية. المحتوى أدناه مبني على المصادر الرسمية فقط.
| CVE | الشدة | CVSS | مستغلة فعليًا؟ | تاريخ النشر | ملخص عربي |
|---|---|---|---|---|---|
| CVE-2025-30269 | Low | 0,6 | لا | 2026-02-11 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attac… |
| CVE-2025-30266 | Low | 0,6 | لا | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user a… |
| CVE-2024-56808 | Low | 2,0 | لا | 2026-02-11 | A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local networ… |
| CVE-2024-56807 | Low | 1,7 | لا | 2026-02-11 | An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local netw… |
| CVE-2026-1458 | Medium | 6,5 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 1… |
| CVE-2026-1456 | Medium | 6,5 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 t… |
| CVE-2026-1387 | Medium | 6,5 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.… |
| CVE-2026-1282 | Low | 3,5 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2026-1094 | Medium | 4,6 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed a… |
| CVE-2026-1080 | Medium | 4,3 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.… |
| CVE-2026-0958 | High | 7,5 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2026-0595 | High | 7,3 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2025-8099 | High | 7,5 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2025-7659 | High | 8,0 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2025-14594 | Low | 3,5 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and… |
| CVE-2025-14592 | Low | 3,7 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2025-14560 | High | 7,3 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2025-12575 | Medium | 5,4 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.… |
| CVE-2025-12073 | Medium | 4,3 | لا | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and … |
| CVE-2025-10174 | High | 8,3 | لا | 2026-02-11 | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe P… |
| CVE-2026-2295 | Medium | 5,3 | لا | 2026-02-11 | The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access… |
| CVE-2025-15096 | High | 8,8 | لا | 2026-02-11 | The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in al… |
| CVE-2026-1885 | Medium | 6,4 | لا | 2026-02-11 | The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 's… |
| CVE-2026-1853 | Medium | 6,4 | لا | 2026-02-11 | The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearc… |
| CVE-2026-1833 | Medium | 5,3 | لا | 2026-02-11 | The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to… |
| CVE-2026-1827 | Medium | 6,4 | لا | 2026-02-11 | The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflas… |
| CVE-2026-1826 | Medium | 6,4 | لا | 2026-02-11 | The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … |
| CVE-2026-1821 | Medium | 6,4 | لا | 2026-02-11 | The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_… |
| CVE-2026-1809 | Medium | 6,4 | لا | 2026-02-11 | The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes i… |
| CVE-2026-1804 | Medium | 6,4 | لا | 2026-02-11 | The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popu… |
| CVE-2026-1786 | Medium | 6,5 | لا | 2026-02-11 | The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capa… |
| CVE-2026-1748 | Medium | 4,3 | لا | 2026-02-11 | The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data d… |
| CVE-2026-1560 | High | 8,8 | لا | 2026-02-11 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up t… |
| CVE-2026-1215 | Medium | 4,3 | لا | 2026-02-11 | The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inclu… |
| CVE-2026-0815 | Medium | 4,4 | لا | 2026-02-11 | The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in a… |
| CVE-2026-0724 | Medium | 4,4 | لا | 2026-02-11 | The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' p… |
| CVE-2025-9986 | High | 8,2 | لا | 2026-02-11 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information … |
| CVE-2025-15440 | High | 7,2 | لا | 2026-02-11 | The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Paramet… |
| CVE-2025-13651 | Medium | 6,9 | لا | 2026-02-11 | Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Applicat… |
| CVE-2025-13650 | Medium | 5,1 | لا | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not nece… |
| CVE-2025-13649 | Medium | 5,1 | لا | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not nece… |
| CVE-2025-13648 | Medium | 4,8 | لا | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required… |
| CVE-2025-10913 | High | 8,3 | لا | 2026-02-11 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech C… |
| CVE-2025-10912 | Medium | 5,4 | لا | 2026-02-11 | Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. Temizlik… |
| CVE-2026-1357 | Critical | 9,8 | لا | 2026-02-11 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbit… |
| CVE-2026-1235 | Medium | 6,5 | لا | 2026-02-11 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenti… |
| CVE-2025-15400 | Medium | 6,5 | لا | 2026-02-11 | The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that res… |
| CVE-2026-26079 | Medium | 4,7 | لا | 2026-02-11 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comm… |
| CVE-2026-26044 | N/A | - | لا | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-26043 | N/A | - | لا | 2026-02-11 | Rejected reason: Not used |