🛡️ Vulnerability Information Center
Up-to-date database of security vulnerabilities and threats
| ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3327 | Medium | — | Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated use… | — | February 27, 2026 |
| CVE-2018-25160 | Medium | — | HTTP::Session2 versions through 1.09 for Perl do not validate the format of user-provided session ids, enabling code i… | — | February 27, 2026 |
| CVE-2025-15498 | Medium | — | Pro3W CMS is vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an … | — | February 27, 2026 |
| CVE-2025-15509 | Medium | — | The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage. | — | February 27, 2026 |
| CVE-2025-15567 | Medium | — | Insufficient protection mechanisms in the Health Module may lead to partial information disclosure. | — | February 27, 2026 |
| CVE-2025-50857 | Critical | 9.8 | ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attacker… | ✅ Patch | February 26, 2026 |
| CVE-2026-22207 | Critical | 9.8 | OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows u… | ✅ Patch | February 26, 2026 |
| CVE-2026-27975 | Critical | 9.8 | Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access… | ✅ Patch | February 26, 2026 |
| CVE-2026-28213 | Critical | 9.8 | EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password"… | ✅ Patch | February 26, 2026 |
| CVE-2026-27510 | Critical | 9.6 | Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.dogg… | ✅ Patch | February 26, 2026 |
| CVE-2026-28215 | Critical | 9.1 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overw… | ⚡ Exploit ✅ Patch | February 26, 2026 |
| CVE-2026-1311 | High | 8.8 | The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 … | ✅ Patch | February 26, 2026 |
| CVE-2026-1565 | High | 8.8 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordP… | ✅ Patch | February 26, 2026 |
| CVE-2026-22206 | High | 8.8 | SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to exe… | ✅ Patch | February 26, 2026 |
| CVE-2026-26938 | High | 8.6 | Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which cou… | ✅ Patch | February 26, 2026 |
| CVE-2026-3071 | High | 8.4 | Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to ar… | ✅ Patch | February 26, 2026 |
| CVE-2026-28216 | High | 8.3 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify o… | ⚡ Exploit ✅ Patch | February 26, 2026 |
| CVE-2025-71057 | High | 8.2 | Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a s… | ✅ Patch | February 26, 2026 |
| CVE-2026-1779 | High | 8.1 | The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and in… | ✅ Patch | February 26, 2026 |
| CVE-2026-23750 | High | 8.1 | Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certific… | ✅ Patch | February 26, 2026 |