Vulnerabilities
CVE data from NVD, enriched with CISA KEV data and an Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Published | Arabic summary |
|---|---|---|---|---|---|
| CVE-2025-14895 | Medium | 5.4 | No | 2026-02-10 | The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. Th… |
| CVE-2024-52334 | Medium | 6.3 | No | 2026-02-10 | A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not… |
| CVE-2025-11242 | Critical | 9.8 | No | 2026-02-10 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade I… |
| CVE-2026-1722 | Medium | 5.3 | No | 2026-02-10 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Ob… |
| CVE-2026-2099 | Medium | 5.1 | No | 2026-02-10 | AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attacker… |
| CVE-2026-2098 | Medium | 5.1 | No | 2026-02-10 | AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote att… |
| CVE-2026-2097 | High | 8.7 | No | 2026-02-10 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to … |
| CVE-2026-2096 | Critical | 9.3 | No | 2026-02-10 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers t… |
| CVE-2026-2095 | Critical | 9.3 | No | 2026-02-10 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers t… |
| CVE-2026-2094 | High | 8.7 | No | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arb… |
| CVE-2026-2093 | High | 8.7 | No | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject a… |
| CVE-2025-12063 | Medium | 5.7 | No | 2026-02-10 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having th… |
| CVE-2026-0996 | Medium | 6.4 | No | 2026-02-10 | The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in al… |
| CVE-2025-13064 | Medium | 4.5 | No | 2026-02-10 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script … |
| CVE-2025-12757 | Medium | 4.6 | No | 2026-02-10 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are … |
| CVE-2025-11547 | High | 7.8 | No | 2026-02-10 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. |
| CVE-2025-11142 | High | 7.1 | No | 2026-02-10 | The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executi… |
| CVE-2026-25981 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25980 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25979 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25978 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25977 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25976 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25975 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25974 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-25973 | N/A | - | No | 2026-02-10 | Rejected reason: Not used |
| CVE-2026-2260 | High | 7.3 | No | 2026-02-10 | A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin… |
| CVE-2026-2259 | Medium | 4.8 | No | 2026-02-10 | A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parse… |
| CVE-2026-24328 | Medium | 6.1 | No | 2026-02-10 | SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when cl… |
| CVE-2026-24327 | Medium | 4.3 | No | 2026-02-10 | Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages)… |
| CVE-2026-24326 | Medium | 4.3 | No | 2026-02-10 | Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker … |
| CVE-2026-24325 | Medium | 4.8 | No | 2026-02-10 | SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Script… |
| CVE-2026-24324 | Medium | 6.5 | No | 2026-02-10 | SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges t… |
| CVE-2026-24323 | Medium | 6.1 | No | 2026-02-10 | The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameter… |
| CVE-2026-24322 | High | 7.7 | No | 2026-02-10 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks … |
| CVE-2026-24321 | Medium | 5.3 | No | 2026-02-10 | SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these o… |
| CVE-2026-24320 | Low | 3.1 | No | 2026-02-10 | Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attack… |
| CVE-2026-24319 | Medium | 5.8 | No | 2026-02-10 | In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaini… |
| CVE-2026-24312 | Medium | 5.2 | No | 2026-02-10 | An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrativ… |
| CVE-2026-23689 | High | 7.7 | No | 2026-02-10 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular u… |
| CVE-2026-23688 | Medium | 4.3 | No | 2026-02-10 | SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, re… |
| CVE-2026-23687 | High | 8.8 | No | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obta… |
| CVE-2026-23686 | Low | 3.4 | No | 2026-02-10 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administ… |
| CVE-2026-23685 | Medium | 4.4 | No | 2026-02-10 | Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator wi… |
| CVE-2026-23684 | Medium | 5.9 | No | 2026-02-10 | A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a ca… |
| CVE-2026-23681 | Medium | 4.3 | No | 2026-02-10 | Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could i… |
| CVE-2026-0509 | Critical | 9.6 | No | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform backgro… |
| CVE-2026-0508 | High | 7.3 | No | 2026-02-10 | The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert … |
| CVE-2026-0505 | Medium | 6.1 | No | 2026-02-10 | The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficient… |
| CVE-2026-0490 | High | 7.5 | No | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted e… |