الثغرات / Vulnerabilities
بيانات CVE من NVD مع إثراء KEV من CISA وترجمة عربية. المحتوى أدناه مبني على المصادر الرسمية فقط.
| CVE | الشدة | CVSS | مستغلة فعليًا؟ | تاريخ النشر | ملخص عربي |
|---|---|---|---|---|---|
| CVE-2026-21244 | High | 7.3 | لا | 2026-02-10 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. |
| CVE-2026-21243 | High | 7.5 | لا | 2026-02-10 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to den… |
| CVE-2026-21242 | High | 7.0 | لا | 2026-02-10 | Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21241 | High | 7.0 | لا | 2026-02-10 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loc… |
| CVE-2026-21240 | High | 7.8 | لا | 2026-02-10 | Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileg… |
| CVE-2026-21239 | High | 7.8 | لا | 2026-02-10 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21238 | High | 7.8 | لا | 2026-02-10 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privi… |
| CVE-2026-21237 | High | 7.0 | لا | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Li… |
| CVE-2026-21236 | High | 7.8 | لا | 2026-02-10 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate pr… |
| CVE-2026-21235 | High | 7.3 | لا | 2026-02-10 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21234 | High | 7.0 | لا | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Device… |
| CVE-2026-21232 | High | 7.8 | لا | 2026-02-10 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21231 | High | 7.8 | لا | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an… |
| CVE-2026-21229 | High | 8.0 | لا | 2026-02-10 | Improper input validation in Power BI allows an authorized attacker to execute code over a network. |
| CVE-2026-21228 | High | 8.1 | لا | 2026-02-10 | Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network. |
| CVE-2026-21222 | Medium | 5.5 | لا | 2026-02-10 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose informatio… |
| CVE-2026-21218 | High | 7.5 | لا | 2026-02-10 | Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-20846 | High | 7.5 | لا | 2026-02-10 | Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. |
| CVE-2026-20841 | High | 7.8 | لا | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an un… |
| CVE-2026-1997 | Medium | 6.9 | لا | 2026-02-10 | Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, pote… |
| CVE-2026-1996 | Medium | 6.9 | لا | 2026-02-10 | Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled… |
| CVE-2026-0653 | High | 7.2 | لا | 2026-02-10 | On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted re… |
| CVE-2026-0652 | High | 8.7 | لا | 2026-02-10 | On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters… |
| CVE-2026-0651 | Medium | 5.3 | لا | 2026-02-10 | On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, a… |
| CVE-2025-6010 | N/A | - | لا | 2026-02-10 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-25530 | Medium | 4.3 | لا | 2026-02-10 | Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lack… |
| CVE-2026-24885 | Medium | 5.7 | لا | 2026-02-10 | Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (C… |
| CVE-2025-36522 | Medium | 5.4 | لا | 2026-02-10 | Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3… |
| CVE-2025-36511 | Medium | 5.4 | لا | 2026-02-10 | Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applic… |
| CVE-2025-35999 | Medium | 5.4 | لا | 2026-02-10 | Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) … |
| CVE-2025-35998 | High | 7.0 | لا | 2026-02-10 | Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R)… |
| CVE-2025-35992 | Medium | 5.7 | لا | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a deni… |
| CVE-2025-33030 | Low | 2.0 | لا | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an … |
| CVE-2025-32739 | Low | 2.0 | لا | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Devi… |
| CVE-2025-32735 | Medium | 6.8 | لا | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a deni… |
| CVE-2025-32467 | Medium | 5.6 | لا | 2026-02-10 | Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an informat… |
| CVE-2025-32453 | Medium | 5.4 | لا | 2026-02-10 | Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an… |
| CVE-2025-32452 | Medium | 5.4 | لا | 2026-02-10 | Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an… |
| CVE-2025-32092 | Medium | 5.4 | لا | 2026-02-10 | Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Appl… |
| CVE-2025-32008 | High | 8.7 | لا | 2026-02-10 | Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applic… |
| CVE-2025-32007 | Medium | 5.6 | لا | 2026-02-10 | Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information dis… |
| CVE-2025-32003 | Medium | 6.0 | لا | 2026-02-10 | Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, … |
| CVE-2025-31944 | Medium | 5.6 | لا | 2026-02-10 | Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Autho… |
| CVE-2025-31655 | Medium | 5.4 | لا | 2026-02-10 | Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow… |
| CVE-2025-31648 | Low | 1.8 | لا | 2026-02-10 | Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privile… |
| CVE-2025-30513 | High | 8.3 | لا | 2026-02-10 | Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adve… |
| CVE-2025-30508 | Medium | 6.8 | لا | 2026-02-10 | Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may al… |
| CVE-2025-27940 | Medium | 5.6 | لا | 2026-02-10 | Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclos… |
| CVE-2025-27708 | Medium | 5.6 | لا | 2026-02-10 | Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) with… |
| CVE-2025-27572 | Medium | 5.6 | لا | 2026-02-10 | Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an inform… |