Vulnerabilities
CVE data from NVD with KEV enrichment from CISA and Arabic translation. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Published | Arabic summary |
|---|---|---|---|---|---|
| CVE-2025-66676 | Medium | 6.2 | No | 2026-02-13 | An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. |
| CVE-2026-2026 | Medium | 5.4 | No | 2026-02-13 | A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could al… |
| CVE-2026-26268 | High | 8.0 | No | 2026-02-13 | Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in ve… |
| CVE-2026-26226 | Medium | 5.3 | No | 2026-02-13 | beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scriptin… |
| CVE-2025-70123 | High | 7.5 | No | 2026-02-13 | An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a… |
| CVE-2025-70122 | High | 7.5 | No | 2026-02-13 | A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial o… |
| CVE-2025-70121 | High | 7.5 | No | 2026-02-13 | An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a de… |
| CVE-2025-1790 | Medium | 5.8 | No | 2026-02-13 | Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this v… |
| CVE-2026-26221 | Critical | 10.0 | No | 2026-02-13 | Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Work… |
| CVE-2025-70095 | Medium | 6.5 | No | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 al… |
| CVE-2025-70094 | Medium | 6.5 | No | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attacke… |
| CVE-2025-70093 | High | 7.4 | No | 2026-02-13 | An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. |
| CVE-2025-70091 | Medium | 6.5 | No | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execut… |
| CVE-2026-25531 | Medium | 4.3 | No | 2026-02-13 | Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is i… |
| CVE-2026-1578 | Medium | 5.1 | No | 2026-02-13 | HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the applic… |
| CVE-2026-23112 | N/A | - | No | 2026-02-13 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu… |
| CVE-2026-23111 | N/A | - | No | 2026-02-13 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in… |
| CVE-2026-1619 | High | 8.3 | No | 2026-02-13 | Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploit… |
| CVE-2026-1618 | High | 8.8 | No | 2026-02-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows… |
| CVE-2025-14349 | High | 8.8 | No | 2026-02-13 | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software… |
| CVE-2026-2443 | Medium | 5.3 | No | 2026-02-13 | A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted … |
| CVE-2025-33042 | High | 7.3 | No | 2026-02-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specifi… |
| CVE-2026-22892 | Medium | 4.3 | No | 2026-02-13 | Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creat… |
| CVE-2026-20796 | Low | 3.1 | No | 2026-02-13 | Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which… |
| CVE-2026-0872 | Low | 2.5 | No | 2026-02-13 | Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spo… |
| CVE-2025-48023 | Medium | 6.0 | No | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected prod… |
| CVE-2025-48022 | Medium | 6.0 | No | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected prod… |
| CVE-2025-48021 | Medium | 6.0 | No | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected prod… |
| CVE-2025-15520 | Medium | 4.3 | No | 2026-02-13 | The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure o… |
| CVE-2025-48020 | Medium | 6.0 | No | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected prod… |
| CVE-2025-48019 | Medium | 6.0 | No | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected prod… |
| CVE-2025-1924 | Medium | 6.0 | No | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected prod… |
| CVE-2026-26257 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26256 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26255 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26254 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26253 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26252 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26251 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26250 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-26249 | N/A | - | No | 2026-02-13 | Rejected reason: Not used |
| CVE-2026-25108 | High | 8.7 | No | 2026-02-13 | FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in use… |
| CVE-2026-1721 | Medium | 6.2 | No | 2026-02-13 | Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handl… |
| CVE-2025-9293 | High | 7.7 | No | 2026-02-13 | A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated … |
| CVE-2025-9292 | Low | 2.0 | No | 2026-02-13 | A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed … |
| CVE-2025-40905 | N/A | - | No | 2026-02-13 | WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptogra… |
| CVE-2024-21961 | Medium | 6.0 | No | 2026-02-13 | Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with acce… |
| CVE-2026-26188 | Medium | 5.1 | No | 2026-02-13 | Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user… |
| CVE-2025-70092 | N/A | - | No | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execut… |
| CVE-2020-37167 | High | 8.6 | No | 2026-02-13 | ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipu… |