Vulnerabilities
CVE data from NVD, with KEV enrichment from CISA and Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Published | Arabic summary |
|---|---|---|---|---|---|
| CVE-2025-22042 | Medium | 5.5 | No | 2025-04-16 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Ad… |
| CVE-2025-3569 | Medium | 5.3 | No | 2025-04-14 | A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this i… |
| CVE-2025-3546 | High | 8.6 | No | 2025-04-14 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014.… |
| CVE-2025-26647 | High | 8.8 | No | 2025-04-08 | Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-21429 | High | 7.5 | No | 2025-04-07 | Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. |
| CVE-2025-21104 | Medium | 4.3 | No | 2025-03-13 | Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Red… |
| CVE-2025-24054 | Medium | 6.5 | Yes (KEV) | 2025-03-11 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a networ… |
| CVE-2024-56182 | High | 8.4 | No | 2025-03-11 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.1… |
| CVE-2024-56181 | High | 8.4 | No | 2025-03-11 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07… |
| CVE-2025-23368 | High | 8.1 | No | 2025-03-04 | A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multip… |
| CVE-2024-51962 | High | 8.7 | No | 2025-03-03 | A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that co… |
| CVE-2024-51954 | High | 8.5 | No | 2025-03-03 | There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under un… |
| CVE-2025-26466 | Medium | 5.9 | No | 2025-03-01 | A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a … |
| CVE-2024-57049 | Critical | 9.8 | No | 2025-02-18 | A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized ind… |
| CVE-2025-23367 | Medium | 6.5 | No | 2025-01-30 | A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control managem… |
| CVE-2025-23366 | Medium | 6.5 | No | 2025-01-14 | A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user… |
| CVE-2025-21389 | High | 7.5 | No | 2025-01-14 | Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker… |
| CVE-2025-21300 | High | 7.5 | No | 2025-01-14 | Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability |
| CVE-2024-54819 | Critical | 9.1 | No | 2025-01-07 | I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input vali… |
| CVE-2024-43468 | Critical | 9.8 | Yes (KEV) | 2024-10-08 | Microsoft Configuration Manager Remote Code Execution Vulnerability |
| CVE-2024-8149 | Medium | 4.6 | No | 2024-10-04 | There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may… |
| CVE-2024-47067 | Medium | 5.1 | No | 2024-09-30 | AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerabi… |
| CVE-2024-44825 | High | 7.5 | No | 2024-09-25 | Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows atta… |
| CVE-2024-42845 | High | 8.0 | No | 2024-08-23 | An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 a… |
| CVE-2024-42079 | Medium | 5.5 | No | 2024-07-29 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flus… |
| CVE-2024-41355 | Medium | 6.5 | No | 2024-07-26 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. |
| CVE-2024-7014 | High | 7.1 | No | 2024-07-23 | EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting… |
| CVE-2024-31397 | Medium | 4.9 | No | 2024-06-11 | Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a … |
| CVE-2022-37020 | Medium | 6.8 | No | 2024-06-11 | Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalat… |
| CVE-2024-5653 | Medium | 6.9 | No | 2024-06-06 | A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects so… |
| CVE-2024-35224 | High | 7.6 | No | 2024-05-23 | OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Co… |
| CVE-2024-25709 | Medium | 6.1 | No | 2024-04-04 | There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may a… |
| CVE-2024-25705 | Medium | 5.4 | No | 2024-04-04 | There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and belo… |
| CVE-2024-25699 | High | 8.5 | No | 2024-04-04 | There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versio… |
| CVE-2023-48124 | Medium | 5.4 | No | 2023-11-21 | Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Emai… |
| CVE-2023-47240 | Medium | 6.5 | No | 2023-11-16 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap… |
| CVE-2023-36419 | High | 8.8 | No | 2023-10-10 | Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability |
| CVE-2023-4911 | High | 7.8 | Yes (KEV) | 2023-10-03 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES enviro… |
| CVE-2023-38156 | High | 7.2 | No | 2023-09-12 | Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability |
| CVE-2023-4451 | Medium | 6.1 | No | 2023-08-20 | Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. |
| CVE-2023-38188 | Medium | 4.5 | No | 2023-08-08 | Azure Apache Hadoop Spoofing Vulnerability |
| CVE-2023-36881 | Medium | 4.5 | No | 2023-08-08 | Azure Apache Ambari Spoofing Vulnerability |
| CVE-2023-36877 | Medium | 4.5 | No | 2023-08-08 | Azure Apache Oozie Spoofing Vulnerability |
| CVE-2023-35394 | Medium | 4.6 | No | 2023-08-08 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability |
| CVE-2023-35393 | Medium | 4.5 | No | 2023-08-08 | Azure Apache Hive Spoofing Vulnerability |
| CVE-2023-25837 | High | 8.4 | No | 2023-07-21 | There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may al… |
| CVE-2023-25835 | High | 8.4 | No | 2023-07-21 | There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that… |
| CVE-2023-33498 | High | 8.8 | No | 2023-06-07 | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. |
| CVE-2023-28322 | Low | 3.7 | No | 2023-05-27 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously … |
| CVE-2023-31726 | High | 7.5 | No | 2023-05-24 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive informa… |