🛡️ Vulnerability Information Center
Up-to-date database of security vulnerabilities and threats
| ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-15268 | High | 7.5 | The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API … | ✅ Patch | February 4, 2026 |
| CVE-2025-15285 | High | 7.5 | The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capa… | ✅ Patch | February 4, 2026 |
| CVE-2025-15555 | High | 7.3 | A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_… | ⚡ Exploit ✅ Patch | February 4, 2026 |
| CVE-2026-21893 | High | 7.2 | n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerab… | ✅ Patch | February 4, 2026 |
| CVE-2025-70841 | Critical | 10.0 | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive app… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2026-25510 | Critical | 9.9 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2020-37082 | Critical | 9.8 | webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database ba… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2019-19006 | Critical | 9.0 | Sangoma FreePBX Improper Authentication Vulnerability — Sangoma FreePBX contains an improper authentication vulnerabili… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2021-39935 | Critical | 9.0 | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability — GitLab Community and Enterpr… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2025-40551 | Critical | 9.0 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deseriali… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2025-64328 | Critical | 9.0 | Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection v… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2020-37073 | High | 8.8 | Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with a… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2020-37078 | High | 8.8 | i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated att… | ✅ Patch | February 3, 2026 |
| CVE-2020-37113 | High | 8.8 | GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renamin… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2020-37116 | High | 8.8 | GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the… | ⚡ Exploit ✅ Patch | February 3, 2026 |
| CVE-2026-1730 | High | 8.8 | The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation i… | ✅ Patch | February 3, 2026 |
| CVE-2026-24887 | High | 8.8 | Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to b… | ✅ Patch | February 3, 2026 |
| CVE-2025-6397 | High | 8.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Host… | ✅ Patch | February 3, 2026 |
| CVE-2019-25260 | High | 8.2 | OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows att… | ✅ Patch | February 3, 2026 |
| CVE-2020-37076 | High | 8.2 | Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att… | ⚡ Exploit ✅ Patch | February 3, 2026 |