🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2026-1506 | مرتفع | 7.2 |
A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php o…
|
⚡ Exploit ✅ Patch | يناير 28, 2026 |
| CVE-2025-14610 | مرتفع | 7.2 |
The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, a…
|
✅ Patch | يناير 28, 2026 |
| CVE-2026-24736 | حرج | 9.1 |
Squidex is an open source headless content management system and content management hub. Versions of the application up …
|
⚡ Exploit ✅ Patch | يناير 27, 2026 |
| CVE-2026-24858 | حرج | 9.0 |
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability — Fortinet FortiAnalyz…
|
⚡ Exploit ✅ Patch | يناير 27, 2026 |
| CVE-2026-24345 | مرتفع | 8.8 |
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization che…
|
✅ Patch | يناير 27, 2026 |
| CVE-2020-36938 | مرتفع | 8.8 |
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system …
|
✅ Patch | يناير 27, 2026 |
| CVE-2020-36942 | مرتفع | 8.8 |
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files throug…
|
⚡ Exploit ✅ Patch | يناير 27, 2026 |
| CVE-2025-41726 | مرتفع | 8.8 |
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the…
|
✅ Patch | يناير 27, 2026 |
| CVE-2026-24486 | مرتفع | 8.6 |
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exi…
|
⚡ Exploit ✅ Patch | يناير 27, 2026 |
| CVE-2026-24882 | مرتفع | 8.4 |
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for …
|
⚡ Exploit ✅ Patch | يناير 27, 2026 |
| CVE-2020-36951 | مرتفع | 8.2 |
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers…
|
✅ Patch | يناير 27, 2026 |
| CVE-2021-47902 | مرتفع | 8.2 |
Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate dat…
|
✅ Patch | يناير 27, 2026 |
| CVE-2020-36980 | مرتفع | 7.8 |
SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allow…
|
✅ Patch | يناير 27, 2026 |
| CVE-2020-36981 | مرتفع | 7.8 |
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users…
|
✅ Patch | يناير 27, 2026 |
| CVE-2020-36982 | مرتفع | 7.8 |
Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that …
|
✅ Patch | يناير 27, 2026 |
| CVE-2020-36983 | مرتفع | 7.8 |
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arb…
|
✅ Patch | يناير 27, 2026 |
| CVE-2025-41727 | مرتفع | 7.8 |
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to per…
|
✅ Patch | يناير 27, 2026 |
| CVE-2020-36939 | مرتفع | 7.5 |
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary…
|
✅ Patch | يناير 27, 2026 |
| CVE-2025-69421 | مرتفع | 7.5 |
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i…
|
✅ Patch | يناير 27, 2026 |
| CVE-2026-1472 | مرتفع | 7.5 |
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application …
|
✅ Patch | يناير 27, 2026 |