Vulnerabilities
CVE data from NVD, enriched with CISA KEV data and an Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Exploited in the wild? | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-2302 | Medium | 6.9 | No | 2026-02-10 | Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may a… |
| CVE-2026-26009 | Critical | 9.9 | No | 2026-02-10 | Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Instal… |
| CVE-2026-25613 | High | 7.1 | No | 2026-02-10 | An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid comp… |
| CVE-2026-25610 | High | 7.1 | No | 2026-02-10 | An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints. |
| CVE-2026-25609 | Medium | 5.3 | No | 2026-02-10 | Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is rea… |
| CVE-2026-25506 | High | 7.7 | No | 2026-02-10 | MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can… |
| CVE-2026-21355 | Medium | 5.5 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory e… |
| CVE-2026-21354 | Medium | 5.5 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead… |
| CVE-2026-21353 | High | 7.8 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could resu… |
| CVE-2026-21352 | High | 7.8 | No | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbit… |
| CVE-2026-21347 | High | 7.8 | No | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could r… |
| CVE-2026-21346 | High | 7.8 | No | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in ar… |
| CVE-2026-21345 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a craf… |
| CVE-2026-21344 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a craf… |
| CVE-2026-21343 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a craf… |
| CVE-2026-21342 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result … |
| CVE-2026-21341 | High | 7.8 | No | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result … |
| CVE-2026-1850 | High | 7.1 | No | 2026-02-10 | Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. |
| CVE-2026-1849 | High | 7.1 | No | 2026-02-10 | MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested document… |
| CVE-2026-1848 | High | 8.2 | No | 2026-02-10 | Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes … |
| CVE-2026-1847 | High | 7.1 | No | 2026-02-10 | Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the … |
| CVE-2026-26003 | Medium | 6.9 | No | 2026-02-10 | FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system throug… |
| CVE-2026-25993 | Critical | 9.3 | No | 2026-02-10 | EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application … |
| CVE-2026-25992 | High | 7.5 | No | 2026-02-10 | SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive st… |
| CVE-2026-25956 | Medium | 6.1 | No | 2026-02-10 | Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious si… |
| CVE-2026-25950 | N/A | - | No | 2026-02-10 | Rejected reason: Further research determined the issue is not a vulnerability. |
| CVE-2026-25947 | High | 8.8 | No | 2026-02-10 | Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered… |
| CVE-2026-25805 | Medium | 6.4 | No | 2026-02-10 | Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, wh… |
| CVE-2026-25728 | Critical | 9.3 | No | 2026-02-10 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) r… |
| CVE-2026-25646 | High | 8.3 | No | 2026-02-10 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)… |
| CVE-2026-25612 | High | 7.1 | No | 2026-02-10 | The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what… |
| CVE-2026-25611 | High | 8.7 | No | 2026-02-10 | A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. |
| CVE-2026-25577 | High | 7.5 | No | 2026-02-10 | Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_cor… |
| CVE-2026-24045 | High | 7.3 | No | 2026-02-10 | Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page f… |
| CVE-2026-23655 | Medium | 6.5 | No | 2026-02-10 | Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose informati… |
| CVE-2026-21537 | High | 8.8 | No | 2026-02-10 | Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attack… |
| CVE-2026-21533 | High | 7.8 | Yes (KEV) | 2026-02-10 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21531 | Critical | 9.8 | No | 2026-02-10 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. |
| CVE-2026-21529 | Medium | 5.7 | No | 2026-02-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an auth… |
| CVE-2026-21528 | Medium | 6.5 | No | 2026-02-10 | Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a n… |
| CVE-2026-21527 | Medium | 6.5 | No | 2026-02-10 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attac… |
| CVE-2026-21525 | Medium | 6.2 | Yes (KEV) | 2026-02-10 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service lo… |
| CVE-2026-21523 | High | 8.0 | No | 2026-02-10 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to … |
| CVE-2026-21522 | Medium | 6.7 | No | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an … |
| CVE-2026-21519 | High | 7.8 | Yes (KEV) | 2026-02-10 | Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker t… |
| CVE-2026-21518 | Medium | 6.5 | No | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio… |
| CVE-2026-21517 | Medium | 4.7 | No | 2026-02-10 | Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to … |
| CVE-2026-21516 | High | 8.8 | No | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unautho… |
| CVE-2026-21514 | High | 7.8 | Yes (KEV) | 2026-02-10 | Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass … |
| CVE-2026-21513 | High | 8.8 | Yes (KEV) | 2026-02-10 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a ne… |