Vulnerabilities
CVE data from NVD, enriched with CISA KEV and an Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Published | Arabic summary |
|---|---|---|---|---|---|
| CVE-2026-26042 | N/A | - | No | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-26041 | N/A | - | No | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-26040 | N/A | - | No | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-26039 | N/A | - | No | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-26038 | N/A | - | No | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-26037 | N/A | - | No | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-26036 | N/A | - | No | 2026-02-11 | Rejected reason: Not used |
| CVE-2026-1893 | Medium | 6.4 | No | 2026-02-11 | The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label… |
| CVE-2026-1231 | Medium | 6.4 | No | 2026-02-11 | The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site… |
| CVE-2025-15524 | Medium | 4.3 | No | 2026-02-11 | The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability… |
| CVE-2025-14541 | High | 7.2 | No | 2026-02-11 | The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and includi… |
| CVE-2025-13431 | Medium | 6.5 | No | 2026-02-11 | The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all v… |
| CVE-2026-1571 | Medium | 5.3 | No | 2026-02-11 | User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbi… |
| CVE-2026-25872 | Medium | 6.9 | No | 2026-02-11 | JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the… |
| CVE-2026-25870 | Medium | 6.9 | No | 2026-02-11 | DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image f… |
| CVE-2026-25251 | N/A | - | No | 2026-02-11 | Rejected reason: This has been moved to the REJECTED state because the information source is under review. If circumsta… |
| CVE-2026-26013 | Low | 3.7 | No | 2026-02-11 | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_toke… |
| CVE-2026-26007 | High | 8.2 | No | 2026-02-11 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5… |
| CVE-2026-26006 | Medium | 6.5 | No | 2026-02-11 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that au… |
| CVE-2026-1507 | High | 8.7 | No | 2026-02-11 | The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely … |
| CVE-2026-1495 | Medium | 5.7 | No | 2026-02-11 | The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain prox… |
| CVE-2025-12699 | Medium | 6.7 | No | 2026-02-11 | The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into P… |
| CVE-2026-2303 | Medium | 6.9 | No | 2026-02-10 | The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wra… |
| CVE-2026-21349 | High | 7.8 | No | 2026-02-10 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in a… |
| CVE-2026-21348 | Medium | 5.5 | No | 2026-02-10 | Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead t… |
| CVE-2026-1763 | Medium | 4.6 | No | 2026-02-10 | Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions. |
| CVE-2026-1762 | Low | 2.9 | No | 2026-02-10 | A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue affects Enervista: 8.6 … |
| CVE-2025-54514 | Medium | 4.8 | No | 2026-02-10 | Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could p… |
| CVE-2025-52536 | Medium | 6.7 | No | 2026-02-10 | Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware po… |
| CVE-2025-52534 | Medium | 5.3 | No | 2026-02-10 | Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resultin… |
| CVE-2025-48517 | Medium | 4.6 | No | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to… |
| CVE-2025-48515 | Medium | 5.4 | No | 2026-02-10 | Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SP… |
| CVE-2025-48514 | Medium | 4.0 | No | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to … |
| CVE-2025-48509 | Low | 1.8 | No | 2026-02-10 | Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause … |
| CVE-2025-29952 | Medium | 5.9 | No | 2026-02-10 | Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged att… |
| CVE-2025-29951 | High | 7.3 | No | 2026-02-10 | A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially… |
| CVE-2025-29950 | High | 7.1 | No | 2026-02-10 | Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory l… |
| CVE-2025-29949 | Medium | 4.8 | No | 2026-02-10 | Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could a… |
| CVE-2025-29948 | Medium | 5.9 | No | 2026-02-10 | Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to byp… |
| CVE-2025-29946 | Medium | 4.5 | No | 2026-02-10 | Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can poten… |
| CVE-2025-29939 | Medium | 6.9 | No | 2026-02-10 | Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reve… |
| CVE-2025-0031 | Medium | 4.6 | No | 2026-02-10 | A use after free in the SEV firmware could allow a malicious hypervisor to activate a migrated guest with the SINGLE_SOC… |
| CVE-2025-0029 | Low | 1.8 | No | 2026-02-10 | Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively… |
| CVE-2025-0012 | Medium | 6.8 | No | 2026-02-10 | Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory coul… |
| CVE-2024-36355 | High | 7.0 | No | 2026-02-10 | Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify exe… |
| CVE-2024-36311 | Medium | 4.6 | No | 2026-02-10 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker … |
| CVE-2024-36310 | Medium | 4.6 | No | 2026-02-10 | Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bound… |
| CVE-2024-21953 | Medium | 5.9 | No | 2026-02-10 | Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss … |
| CVE-2021-26410 | Low | 1.8 | No | 2026-02-10 | Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter val… |
| CVE-2021-26381 | High | 7.1 | No | 2026-02-10 | Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmappin… |