الثغرات / Vulnerabilities
بيانات CVE من NVD مع إثراء KEV من CISA وترجمة عربية. المحتوى أدناه مبني على المصادر الرسمية فقط.
| CVE | الشدة | CVSS | مستغلة فعليًا؟ | تاريخ النشر | ملخص عربي |
|---|---|---|---|---|---|
| CVE-2025-46303 | Medium | 5.7 | لا | 2026-02-12 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS… |
| CVE-2025-46302 | Medium | 5.7 | لا | 2026-02-12 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS… |
| CVE-2025-46301 | Medium | 5.7 | لا | 2026-02-12 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS… |
| CVE-2025-46300 | Medium | 5.7 | لا | 2026-02-12 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS… |
| CVE-2025-46290 | High | 7.5 | لا | 2026-02-12 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A r… |
| CVE-2025-43537 | Medium | 5.5 | لا | 2026-02-12 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Rest… |
| CVE-2025-43417 | Medium | 5.5 | لا | 2026-02-12 | A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able… |
| CVE-2025-43403 | Medium | 5.5 | لا | 2026-02-12 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS… |
| CVE-2026-26031 | Low | 1.3 | لا | 2026-02-12 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0,… |
| CVE-2026-26029 | High | 7.5 | لا | 2026-02-12 | sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability e… |
| CVE-2026-26023 | Medium | 5.3 | لا | 2026-02-12 | Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been fou… |
| CVE-2026-26021 | Critical | 9.4 | لا | 2026-02-12 | set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability … |
| CVE-2026-26019 | Medium | 4.1 | لا | 2026-02-12 | LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langc… |
| CVE-2026-26012 | Medium | 6.5 | لا | 2026-02-12 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35… |
| CVE-2024-50619 | High | 8.8 | لا | 2026-02-12 | Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to e… |
| CVE-2024-50617 | High | 7.5 | لا | 2026-02-12 | Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers t… |
| CVE-2026-26158 | High | 7.0 | لا | 2026-02-12 | A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction d… |
| CVE-2026-26157 | High | 7.0 | لا | 2026-02-12 | A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to cra… |
| CVE-2026-26014 | Medium | 5.9 | لا | 2026-02-12 | Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.… |
| CVE-2026-26010 | High | 7.6 | لا | 2026-02-12 | OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines… |
| CVE-2026-25999 | High | 7.1 | لا | 2026-02-12 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper acce… |
| CVE-2026-25994 | High | 8.1 | لا | 2026-02-12 | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow v… |
| CVE-2026-25990 | High | 8.9 | لا | 2026-02-12 | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a… |
| CVE-2026-25935 | High | 8.6 | لا | 2026-02-12 | Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets t… |
| CVE-2026-25924 | High | 8.4 | لا | 2026-02-12 | Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulne… |
| CVE-2026-25759 | High | 8.7 | لا | 2026-02-12 | Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulner… |
| CVE-2026-25633 | Medium | 4.3 | لا | 2026-02-12 | Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permi… |
| CVE-2026-25062 | Medium | 5.5 | لا | 2026-02-12 | Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the v… |
| CVE-2025-68663 | Medium | 6.9 | لا | 2026-02-12 | Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline'… |
| CVE-2025-64487 | High | 7.6 | لا | 2026-02-12 | Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability … |
| CVE-2024-50620 | High | 8.8 | لا | 2026-02-12 | Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage compo… |
| CVE-2020-37215 | Medium | 4.6 | لا | 2026-02-12 | MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the applic… |
| CVE-2020-37214 | High | 8.7 | لا | 2026-02-12 | Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by ma… |
| CVE-2020-37213 | Medium | 6.7 | لا | 2026-02-12 | TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by send… |
| CVE-2020-37212 | Medium | 4.6 | لا | 2026-02-12 | SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to … |
| CVE-2020-37211 | Medium | 4.6 | لا | 2026-02-12 | SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a lar… |
| CVE-2020-37210 | Medium | 4.6 | لا | 2026-02-12 | SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash th… |
| CVE-2020-37209 | Medium | 4.6 | لا | 2026-02-12 | SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers t… |
| CVE-2020-37208 | Medium | 4.6 | لا | 2026-02-12 | SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to c… |
| CVE-2020-37207 | Medium | 4.6 | لا | 2026-02-12 | SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers t… |
| CVE-2020-37206 | Medium | 4.6 | لا | 2026-02-12 | ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an… |
| CVE-2020-37205 | Medium | 4.6 | لا | 2026-02-12 | RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overfl… |
| CVE-2020-37204 | Medium | 4.6 | لا | 2026-02-12 | RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to c… |
| CVE-2020-37203 | Medium | 4.6 | لا | 2026-02-12 | Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the applicati… |
| CVE-2020-37202 | Medium | 4.6 | لا | 2026-02-12 | NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supp… |
| CVE-2020-37201 | Medium | 4.6 | لا | 2026-02-12 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers t… |
| CVE-2020-37200 | Medium | 4.6 | لا | 2026-02-12 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to… |
| CVE-2020-37199 | Medium | 4.6 | لا | 2026-02-12 | NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to cra… |
| CVE-2020-37198 | Medium | 6.7 | لا | 2026-02-12 | Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application b… |
| CVE-2020-37197 | Medium | 4.6 | لا | 2026-02-12 | Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the applicat… |