Live feed from NVD & CISA

CVE Intelligence Vulnerability Database

CVE data from NVD, enriched with CISA KEV data and an Arabic translation. Content is based on official sources only.

Showing page 9 of 27 (1330 vulnerabilities)
| CVE ID | Severity | CVSS | KEV exploited? | Publication date | Summary |
|---|---|---|---|---|---|
| CVE-2026-24895 | High | 8.9 | No | 2026-02-12 | FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode charac… |
| CVE-2026-24894 | High | 8.7 | No | 2026-02-12 | FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is no… |
| CVE-2026-24044 | Critical | 9.2 | No | 2026-02-12 | Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. T… |
| CVE-2025-70314 | Critical | 9.8 | No | 2026-02-12 | webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable |
| CVE-2025-67433 | N/A | | No | 2026-02-12 | A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service … |
| CVE-2025-67432 | High | 7.5 | No | 2026-02-12 | A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of… |
| CVE-2019-25348 | N/A | | No | 2026-02-12 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2019-25347 | High | 7.1 | No | 2026-02-12 | thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parame… |
| CVE-2019-25346 | High | 7.1 | No | 2026-02-12 | TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' param… |
| CVE-2019-25345 | High | 8.5 | No | 2026-02-12 | Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute … |
| CVE-2019-25344 | High | 8.5 | No | 2026-02-12 | Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the ap… |
| CVE-2019-25343 | High | 8.5 | No | 2026-02-12 | NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights… |
| CVE-2026-26219 | Critical | 9.3 | No | 2026-02-12 | newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user sa… |
| CVE-2026-26218 | Critical | 9.3 | No | 2026-02-12 | newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predict… |
| CVE-2026-22821 | Medium | 4.9 | No | 2026-02-12 | mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed… |
| CVE-2026-21438 | Medium | 5.3 | No | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repe… |
| CVE-2026-21435 | Medium | 5.3 | No | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransp… |
| CVE-2026-21434 | Medium | 5.3 | No | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption … |
| CVE-2025-70981 | Critical | 9.8 | No | 2026-02-12 | CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. |
| CVE-2025-69807 | High | 7.5 | No | 2026-02-12 | p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of servic… |
| CVE-2025-69806 | N/A | | No | 2026-02-12 | p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information l… |
| CVE-2025-63421 | High | 7.8 | No | 2026-02-12 | An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file |
| CVE-2025-54519 | High | 7.3 | No | 2026-02-12 | A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary c… |
| CVE-2025-52533 | High | 8.7 | No | 2026-02-12 | Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially comprom… |
| CVE-2024-36319 | Medium | 6.3 | No | 2026-02-12 | Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow an attacker to submit a maliciously crafted command causi… |
| CVE-2023-31323 | High | 8.4 | No | 2026-02-12 | Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interco… |
| CVE-2023-20601 | Medium | 4.6 | No | 2026-02-12 | Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial… |
| CVE-2025-61880 | High | 8.8 | No | 2026-02-12 | In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. |
| CVE-2025-61879 | High | 7.7 | No | 2026-02-12 | In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism. |
| CVE-2025-55210 | Low | 2.0 | No | 2026-02-12 | FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (… |
| CVE-2025-54756 | High | 8.6 | No | 2026-02-12 | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable… |
| CVE-2026-26217 | Critical | 9.2 | No | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /… |
| CVE-2026-26216 | Critical | 10.0 | No | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a … |
| CVE-2026-26214 | Critical | 9.1 | No | 2026-02-12 | Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the… |
| CVE-2025-70886 | High | 7.5 | No | 2026-02-12 | An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment subm… |
| CVE-2025-69752 | N/A | | No | 2026-02-12 | An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profi… |
| CVE-2025-69634 | Critical | 9.0 | No | 2026-02-12 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field… |
| CVE-2025-56647 | Medium | 6.5 | No | 2026-02-12 | npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate or… |
| CVE-2026-1104 | High | 8.8 | No | 2026-02-12 | The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due … |
| CVE-2025-14014 | Critical | 9.8 | No | 2026-02-12 | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry an… |
| CVE-2023-31313 | High | 7.2 | No | 2026-02-12 | An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed message… |
| CVE-2026-2007 | High | 8.2 | No | 2026-02-12 | Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has l… |
| CVE-2026-2006 | High | 8.8 | No | 2026-02-12 | Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achie… |
| CVE-2026-2005 | High | 8.8 | No | 2026-02-12 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the… |
| CVE-2026-2004 | High | 8.8 | No | 2026-02-12 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arb… |
| CVE-2026-2003 | Medium | 4.3 | No | 2026-02-12 | Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled ou… |
| CVE-2026-1320 | High | 7.2 | No | 2026-02-12 | The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forward… |
| CVE-2025-13004 | Medium | 6.3 | No | 2026-02-12 | Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manip… |
| CVE-2025-13002 | High | 8.2 | No | 2026-02-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Se… |
| CVE-2025-10969 | Critical | 9.8 | No | 2026-02-12 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services … |