تغذية مباشرة من NVD & CISA

قاعدة بيانات الثغرات الأمنية CVE Intelligence

بيانات CVE من NVD مع إثراء KEV من CISA وترجمة عربية. المحتوى مبني على المصادر الرسمية فقط.

الثغرات المستغلة فعليًا فقط

إعادة ضبط

عرض صفحة 7 من 27 (1330 ثغرة)

CVE ID	الشدة	CVSS	KEV مستغلة؟	تاريخ النشر	الملخص
CVE-2025-66676	Medium	6.2	لا	2026-02-13	An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2026-2026	Medium	5.4	لا	2026-02-13	A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized acc…
CVE-2026-26268	High	8.0	لا	2026-02-13	Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5.…
CVE-2026-26226	Medium	5.3	لا	2026-02-13	beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when renderi…
CVE-2025-70123	High	7.5	لا	2026-02-13	An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. …
CVE-2025-70122	High	7.5	لا	2026-02-13	A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a craf…
CVE-2025-70121	High	7.5	لا	2026-02-13	An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via …
CVE-2025-1790	Medium	5.8	لا	2026-02-13	Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain…
CVE-2026-26221	Critical	10.0	لا	2026-02-13	Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe).…
CVE-2025-70095	Medium	6.5	لا	2026-02-13	A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to ex…
CVE-2025-70094	Medium	6.5	لا	2026-02-13	A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitr…
CVE-2025-70093	High	7.4	لا	2026-02-13	An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.
CVE-2025-70091	Medium	6.5	لا	2026-02-13	A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scri…
CVE-2026-25531	Medium	4.3	لا	2026-02-13	Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskC…
CVE-2026-1578	Medium	5.1	لا	2026-02-13	HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile dev…
CVE-2026-23112	N/A	—	لا	2026-02-13	In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_bui…
CVE-2026-23111	N/A	—	لا	2026-02-13	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_ac…
CVE-2026-1619	High	8.3	لا	2026-02-13	Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Ide…
CVE-2026-1618	High	8.8	لا	2026-02-13	Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalatio…
CVE-2025-14349	High	8.8	لا	2026-02-13	Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk…
CVE-2026-2443	Medium	5.3	لا	2026-02-13	A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, …
CVE-2025-33042	High	7.3	لا	2026-02-13	Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untru…
CVE-2026-22892	Medium	4.3	لا	2026-02-13	Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from…
CVE-2026-20796	Low	3.1	لا	2026-02-13	Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivate…
CVE-2026-0872	Low	2.5	لا	2026-02-13	Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Va…
CVE-2025-48023	Medium	6.0	لا	2026-02-13	A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives malicio…
CVE-2025-48022	Medium	6.0	لا	2026-02-13	A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives malicio…
CVE-2025-48021	Medium	6.0	لا	2026-02-13	A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives malicio…
CVE-2025-15520	Medium	4.3	لا	2026-02-13	The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive dat…
CVE-2025-48020	Medium	6.0	لا	2026-02-13	A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives malicio…
CVE-2025-48019	Medium	6.0	لا	2026-02-13	A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives malicio…
CVE-2025-1924	Medium	6.0	لا	2026-02-13	A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciou…
CVE-2026-26257	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26256	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26255	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26254	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26253	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26252	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26251	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26250	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-26249	N/A	—	لا	2026-02-13	Rejected reason: Not used
CVE-2026-25108	High	8.7	لا	2026-02-13	FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a special…
CVE-2026-1721	Medium	6.2	لا	2026-02-13	Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_descr…
CVE-2025-9293	High	7.7	لا	2026-02-13	A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities du…
CVE-2025-9292	Low	2.0	لا	2026-02-13	A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circu…
CVE-2025-40905	N/A	—	لا	2026-02-13	WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for…
CVE-2024-21961	Medium	6.0	لا	2026-02-13	Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtua…
CVE-2026-26188	Medium	5.1	لا	2026-02-13	Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edi…
CVE-2025-70092	N/A	—	لا	2026-02-13	A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scri…
CVE-2020-37167	High	8.6	لا	2026-02-13	ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode functi…