Vulnerabilities
CVE data from NVD, enriched with CISA KEV and translated into Arabic. The content below is based on official sources only.
| CVE | Severity | CVSS | Exploited in the wild? | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-25761 | High | 8.8 | No | 2026-02-10 | Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Sup… |
| CVE-2026-25740 | Medium | 5.8 | No | 2026-02-10 | captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 an… |
| CVE-2026-25639 | High | 7.5 | No | 2026-02-10 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios cr… |
| CVE-2026-25528 | Medium | 5.8 | No | 2026-02-10 | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracin… |
| CVE-2026-2246 | Medium | 4.8 | No | 2026-02-09 | A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the… |
| CVE-2026-2245 | Medium | 4.8 | No | 2026-02-09 | A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library s… |
| CVE-2026-25598 | Medium | 6.3 | No | 2026-02-09 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security … |
| CVE-2026-25498 | High | 8.6 | No | 2026-02-09 | Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.2… |
| CVE-2026-25497 | High | 8.6 | No | 2026-02-09 | Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.… |
| CVE-2026-25496 | Medium | 4.8 | No | 2026-02-09 | Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through… |
| CVE-2026-25495 | High | 8.7 | No | 2026-02-09 | Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through… |
| CVE-2026-25494 | Medium | 6.9 | No | 2026-02-09 | Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through… |
| CVE-2026-25493 | Medium | 6.9 | No | 2026-02-09 | Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through… |
| CVE-2026-25492 | Medium | 5.3 | No | 2026-02-09 | Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the sav… |
| CVE-2026-25491 | Low | 1.9 | No | 2026-02-09 | Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type n… |
| CVE-2026-25480 | Medium | 6.5 | No | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to fi… |
| CVE-2026-25479 | Medium | 6.5 | No | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, in litestar.middleware.allowed_… |
| CVE-2026-25478 | High | 7.4 | No | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_rege… |
| CVE-2026-25231 | High | 7.5 | No | 2026-02-09 | FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauth… |
| CVE-2026-25230 | Medium | 4.6 | No | 2026-02-09 | FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an a… |
| CVE-2026-25057 | Critical | 9.1 | No | 2026-02-09 | MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able… |
| CVE-2026-24900 | Medium | 6.5 | No | 2026-02-09 | MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses/<:course… |
| CVE-2026-1529 | High | 8.1 | No | 2026-02-09 | A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target em… |
| CVE-2026-1486 | High | 8.8 | No | 2026-02-09 | A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to veri… |
| CVE-2025-14778 | Medium | 5.4 | No | 2026-02-09 | A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionServ… |
| CVE-2026-24777 | Medium | 6.7 | No | 2026-02-09 | OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users perm… |
| CVE-2026-24684 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can … |
| CVE-2026-24683 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a l… |
| CVE-2026-24682 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an in… |
| CVE-2026-24681 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completio… |
| CVE-2026-24680 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure… |
| CVE-2026-24679 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplie… |
| CVE-2026-24678 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample respons… |
| CVE-2026-24677 | High | 8.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts ser… |
| CVE-2026-24676 | High | 7.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the … |
| CVE-2026-24675 | High | 7.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the dev… |
| CVE-2026-24491 | High | 7.7 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notificat… |
| CVE-2026-23948 | Medium | 6.9 | No | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerabil… |
| CVE-2026-2242 | Medium | 4.8 | No | 2026-02-09 | A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/co… |
| CVE-2026-2241 | Medium | 4.8 | No | 2026-02-09 | A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/… |
| CVE-2026-21419 | Medium | 6.6 | No | 2026-02-09 | Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Acc… |
| CVE-2025-7432 | Low | 1.0 | No | 2026-02-09 | DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an atta… |
| CVE-2025-66630 | Critical | 9.2 | No | 2026-02-09 | Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying … |
| CVE-2026-2240 | Medium | 4.8 | No | 2026-02-09 | A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcde… |
| CVE-2026-24095 | Medium | 5.3 | No | 2026-02-09 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allow… |
| CVE-2026-24027 | Medium | 5.3 | No | 2026-02-09 | Crafted zones can lead to increased incoming network traffic. |
| CVE-2026-0398 | Medium | 5.3 | No | 2026-02-09 | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |
| CVE-2025-63354 | Medium | 4.6 | No | 2026-02-09 | Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fai… |
| CVE-2025-59024 | Medium | 6.5 | No | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| CVE-2025-59023 | High | 8.2 | No | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |