Vulnerabilities
CVE data from NVD, enriched with CISA KEV and translated into Arabic. The content below is based on official sources only.
| CVE | Severity | CVSS | Actively exploited? | Publication date | Arabic summary |
|---|---|---|---|---|---|
| CVE-2026-24895 | High | 8.9 | No | 2026-02-12 | FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly ha… |
| CVE-2026-24894 | High | 8.7 | No | 2026-02-12 | FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSI… |
| CVE-2026-24044 | Critical | 9.2 | No | 2026-02-12 | Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubern… |
| CVE-2025-70314 | Critical | 9.8 | No | 2026-02-12 | webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable |
| CVE-2025-67433 | N/A | - | No | 2026-02-12 | A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause … |
| CVE-2025-67432 | High | 7.5 | No | 2026-02-12 | A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers … |
| CVE-2019-25348 | N/A | - | No | 2026-02-12 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2019-25347 | High | 7.1 | No | 2026-02-12 | thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating… |
| CVE-2019-25346 | High | 7.1 | No | 2026-02-12 | TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the… |
| CVE-2019-25345 | High | 8.5 | No | 2026-02-12 | Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to … |
| CVE-2019-25344 | High | 8.5 | No | 2026-02-12 | Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify execut… |
| CVE-2019-25343 | High | 8.5 | No | 2026-02-12 | NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files wit… |
| CVE-2026-26219 | Critical | 9.3 | No | 2026-02-12 | newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not inc… |
| CVE-2026-26218 | Critical | 9.3 | No | 2026-02-12 | newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provis… |
| CVE-2026-22821 | Medium | 4.9 | No | 2026-02-12 | mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vu… |
| CVE-2026-21438 | Medium | 5.3 | No | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded mem… |
| CVE-2026-21435 | Medium | 5.3 | No | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of … |
| CVE-2026-21434 | Medium | 5.3 | No | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive… |
| CVE-2025-70981 | Critical | 9.8 | No | 2026-02-12 | CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds … |
| CVE-2025-69807 | High | 7.5 | No | 2026-02-12 | p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to caus… |
| CVE-2025-69806 | N/A | - | No | 2026-02-12 | p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get re… |
| CVE-2025-63421 | High | 7.8 | No | 2026-02-12 | An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via th… |
| CVE-2025-54519 | High | 7.3 | No | 2026-02-12 | A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resu… |
| CVE-2025-52533 | High | 8.7 | No | 2026-02-12 | Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and… |
| CVE-2024-36319 | Medium | 6.3 | No | 2026-02-12 | Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow an attacker to submit a maliciously c… |
| CVE-2023-31323 | High | 8.4 | No | 2026-02-12 | Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External G… |
| CVE-2023-20601 | Medium | 4.6 | No | 2026-02-12 | Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially r… |
| CVE-2025-61880 | High | 8.8 | No | 2026-02-12 | In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. |
| CVE-2025-61879 | High | 7.7 | No | 2026-02-12 | In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mec… |
| CVE-2025-55210 | Low | 2.0 | No | 2026-02-12 | FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, … |
| CVE-2025-54756 | High | 8.6 | No | 2026-02-12 | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default passwo… |
| CVE-2026-26217 | Critical | 9.2 | No | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execut… |
| CVE-2026-26216 | Critical | 10.0 | No | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl… |
| CVE-2026-26214 | Critical | 9.1 | No | 2026-02-12 | Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when H… |
| CVE-2025-70886 | High | 7.5 | No | 2026-02-12 | An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the… |
| CVE-2025-69752 | N/A | - | No | 2026-02-12 | An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to vie… |
| CVE-2025-69634 | Critical | 9.0 | No | 2026-02-12 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges… |
| CVE-2025-56647 | Medium | 6.5 | No | 2026-02-12 | npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server … |
| CVE-2026-1104 | High | 8.8 | No | 2026-02-12 | The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creati… |
| CVE-2025-14014 | Critical | 9.8 | No | 2026-02-12 | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software … |
| CVE-2023-31313 | High | 7.2 | No | 2026-02-12 | An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to se… |
| CVE-2026-2007 | High | 8.2 | No | 2026-02-12 | Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string… |
| CVE-2026-2006 | High | 8.8 | No | 2026-02-12 | Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafte… |
| CVE-2026-2005 | High | 8.8 | No | 2026-02-12 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating sys… |
| CVE-2026-2004 | High | 8.8 | No | 2026-02-12 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object cr… |
| CVE-2026-2003 | Medium | 4.3 | No | 2026-02-12 | Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. … |
| CVE-2026-1320 | High | 7.2 | No | 2026-02-12 | The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scriptin… |
| CVE-2025-13004 | Medium | 6.3 | No | 2026-02-12 | Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce … |
| CVE-2025-13002 | High | 8.2 | No | 2026-02-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor So… |
| CVE-2025-10969 | Critical | 9.8 | No | 2026-02-12 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software … |