Vulnerabilities
CVE data from NVD with CISA KEV enrichment and Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Published | Arabic summary |
|---|---|---|---|---|---|
| CVE-2026-0488 | Critical | 9.9 | No | 2026-02-10 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function modu… |
| CVE-2026-0486 | Medium | 5.0 | No | 2026-02-10 | In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authe… |
| CVE-2026-0485 | High | 7.5 | No | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause … |
| CVE-2026-0484 | Medium | 6.5 | No | 2026-02-10 | Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker … |
| CVE-2026-2258 | Medium | 4.8 | No | 2026-02-10 | A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCol… |
| CVE-2026-0845 | High | 7.2 | No | 2026-02-10 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress i… |
| CVE-2025-15314 | Medium | 5.5 | No | 2026-02-10 | Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. |
| CVE-2025-15313 | Medium | 5.5 | No | 2026-02-10 | Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. |
| CVE-2025-15310 | High | 7.8 | No | 2026-02-10 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
| CVE-2025-15147 | Medium | 4.3 | No | 2026-02-10 | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecur… |
| CVE-2026-25958 | High | 7.7 | No | 2026-02-10 | Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possib… |
| CVE-2026-25957 | Medium | 6.5 | No | 2026-02-10 | Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make… |
| CVE-2026-25951 | High | 8.6 | No | 2026-02-10 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path … |
| CVE-2026-25939 | Critical | 9.3 | No | 2026-02-10 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authori… |
| CVE-2026-25938 | Critical | 9.5 | No | 2026-02-10 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication … |
| CVE-2026-25934 | Medium | 4.3 | No | 2026-02-10 | go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was disco… |
| CVE-2026-25931 | High | 7.8 | No | 2026-02-10 | vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSetting… |
| CVE-2026-25895 | Critical | 9.5 | No | 2026-02-10 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows… |
| CVE-2026-25894 | Critical | 9.5 | No | 2026-02-10 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA all… |
| CVE-2026-25893 | Critical | 10.0 | No | 2026-02-10 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vul… |
| CVE-2025-15319 | High | 7.8 | No | 2026-02-10 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
| CVE-2025-15318 | Medium | 5.5 | No | 2026-02-10 | Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. |
| CVE-2026-25961 | High | 7.5 | No | 2026-02-10 | SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hos… |
| CVE-2026-25925 | High | 7.8 | No | 2026-02-10 | PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a c… |
| CVE-2026-25923 | High | 8.7 | No | 2026-02-10 | my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to… |
| CVE-2026-25920 | Medium | 5.5 | No | 2026-02-10 | SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists i… |
| CVE-2026-25918 | Medium | 5.9 | No | 2026-02-10 | unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-again… |
| CVE-2026-25892 | High | 7.5 | No | 2026-02-10 | Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adm… |
| CVE-2026-25890 | High | 8.1 | No | 2026-02-10 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, prev… |
| CVE-2026-25889 | Medium | 5.4 | No | 2026-02-10 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, prev… |
| CVE-2026-25885 | Critical | 10.0 | No | 2026-02-10 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss:… |
| CVE-2026-25881 | Critical | 9.0 | No | 2026-02-10 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to … |
| CVE-2026-25880 | High | 7.8 | No | 2026-02-10 | SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious b… |
| CVE-2026-25875 | Critical | 9.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the admin authorizati… |
| CVE-2026-25814 | Critical | 9.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, user-controlled query… |
| CVE-2026-25813 | High | 8.7 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs … |
| CVE-2026-25812 | Critical | 9.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enabl… |
| CVE-2026-25811 | Medium | 5.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application deriv… |
| CVE-2026-25808 | High | 7.5 | No | 2026-02-10 | Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 a… |
| CVE-2026-25807 | High | 8.8 | No | 2026-02-10 | ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, … |
| CVE-2025-15317 | Medium | 6.5 | No | 2026-02-10 | Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. |
| CVE-2025-15316 | Medium | 6.7 | No | 2026-02-10 | Tanium addressed a local privilege escalation vulnerability in Tanium Server. |
| CVE-2025-15315 | Medium | 6.7 | No | 2026-02-10 | Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. |
| CVE-2026-25878 | Medium | 6.9 | No | 2026-02-10 | FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route (/admin/adminer) was access… |
| CVE-2026-25876 | Medium | 5.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/route… |
| CVE-2026-25810 | Medium | 5.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/route… |
| CVE-2026-25809 | Medium | 5.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation e… |
| CVE-2026-25806 | Medium | 5.3 | No | 2026-02-10 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students… |
| CVE-2026-25791 | High | 7.5 | No | 2026-02-10 | Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener ac… |
| CVE-2026-25765 | Medium | 5.8 | No | 2026-02-10 | Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.… |