Vulnerabilities
CVE data from NVD with KEV enrichment from CISA and Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Exploited in the wild? | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-14831 | Medium | 5.3 | No | 2026-02-09 | A flaw was found in GnuTLS. This vulnerability allows a denial-of-service (DoS) attack through excessive CPU consumption … |
| CVE-2025-10465 | High | 8.8 | No | 2026-02-09 | Unrestricted Upload of File with Dangerous Type vulnerability in the Sensaway product from Birtech Information Technologies Industry and… |
| CVE-2025-10464 | Medium | 6.5 | No | 2026-02-09 | Insecure Storage of Sensitive Information vulnerability in the Senseway software from Birtech Information Technologies Industry and Trade Ltd… |
| CVE-2026-1960 | Medium | 5.1 | No | 2026-02-09 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Loggro Pymes, via the parameter 'Faceboo… |
| CVE-2026-1959 | Medium | 5.1 | No | 2026-02-09 | A Stored Cross-Site Scripting (Stored XSS) vulnerability was discovered in Loggro Pymes, via the "descripción" parameter in the … |
| CVE-2026-0632 | Medium | 5.4 | No | 2026-02-09 | The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up t… |
| CVE-2025-7708 | Medium | 6.8 | No | 2026-02-09 | Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net … |
| CVE-2025-6830 | Critical | 9.8 | No | 2026-02-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Inf… |
| CVE-2025-10463 | High | 7.3 | No | 2026-02-09 | Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows A… |
| CVE-2026-25848 | Critical | 9.1 | No | 2026-02-09 | In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible |
| CVE-2026-25847 | High | 8.2 | No | 2026-02-09 | In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible |
| CVE-2026-25846 | Medium | 6.5 | No | 2026-02-09 | In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs |
| CVE-2026-24098 | Medium | 6.5 | No | 2026-02-09 | Apache Airflow versions before 3.1.7, has vulnerability that allows authenticated UI users with permission to one or mo… |
| CVE-2026-22922 | Medium | 6.5 | No | 2026-02-09 | Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with cus… |
| CVE-2026-2227 | Medium | 5.1 | No | 2026-02-09 | A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmi… |
| CVE-2026-2226 | Medium | 5.1 | No | 2026-02-09 | A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.… |
| CVE-2026-23903 | Medium | 5.3 | No | 2026-02-09 | Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. U… |
| CVE-2026-2225 | Medium | 6.9 | No | 2026-02-09 | A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /adm… |
| CVE-2026-2224 | Medium | 5.1 | No | 2026-02-09 | A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /sys… |
| CVE-2026-25916 | Medium | 4.3 | No | 2026-02-09 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. |
| CVE-2026-25905 | Medium | 5.8 | No | 2026-02-09 | The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any… |
| CVE-2026-25904 | Medium | 5.8 | No | 2026-02-09 | The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the… |
| CVE-2025-7799 | High | 8.6 | No | 2026-02-09 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Info… |
| CVE-2026-2236 | High | 8.7 | No | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbit… |
| CVE-2026-2235 | High | 7.1 | No | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitra… |
| CVE-2026-2234 | Critical | 9.3 | No | 2026-02-09 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to rea… |
| CVE-2026-2223 | Medium | 6.9 | No | 2026-02-09 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some … |
| CVE-2026-2222 | Medium | 4.8 | No | 2026-02-09 | A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknow… |
| CVE-2026-22906 | Critical | 9.8 | No | 2026-02-09 | User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining… |
| CVE-2026-22905 | High | 7.5 | No | 2026-02-09 | An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path t… |
| CVE-2026-22904 | Critical | 9.8 | No | 2026-02-09 | Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attac… |
| CVE-2026-22903 | Critical | 9.8 | No | 2026-02-09 | An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can… |
| CVE-2026-2221 | Medium | 6.9 | No | 2026-02-09 | A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the… |
| CVE-2026-2220 | Medium | 6.9 | No | 2026-02-09 | A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the fil… |
| CVE-2026-24466 | High | 8.4 | No | 2026-02-09 | Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) reg… |
| CVE-2026-1868 | Critical | 9.9 | No | 2026-02-09 | GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions… |
| CVE-2026-0870 | High | 8.5 | No | 2026-02-09 | MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launchin… |
| CVE-2026-2218 | Medium | 5.3 | No | 2026-02-09 | A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSyste… |
| CVE-2026-2217 | Medium | 6.9 | No | 2026-02-09 | A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of t… |
| CVE-2026-2216 | Medium | 5.3 | No | 2026-02-09 | A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the fil… |
| CVE-2026-22613 | Medium | 5.7 | No | 2026-02-09 | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentia… |
| CVE-2026-2215 | Medium | 6.3 | No | 2026-02-09 | A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the… |
| CVE-2026-2214 | Medium | 4.8 | No | 2026-02-09 | A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator… |
| CVE-2026-2213 | Medium | 5.1 | No | 2026-02-09 | A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown func… |
| CVE-2026-1615 | Critical | 9.2 | No | 2026-02-09 | All versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied … |
| CVE-2025-66598 | High | 7.1 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/T… |
| CVE-2025-66597 | High | 8.8 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryp… |
| CVE-2025-66596 | Medium | 6.9 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly … |
| CVE-2025-66595 | Medium | 6.3 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to C… |
| CVE-2025-66594 | Medium | 6.9 | No | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed… |