🛡️ Vulnerability Information Center
Up-to-date database of vulnerabilities and security threats
| ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-54313 | Critical | 9.0 | Prettier eslint-config-prettier Embedded Malicious Code Vulnerability — Prettier eslint-config-prettier contains an embe… | ⚡ Exploit ✅ Patch | January 22, 2026 |
| CVE-2025-68645 | Critical | 9.0 | Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability — Synacor Zimbra Collaboration Suite (Z… | ⚡ Exploit ✅ Patch | January 22, 2026 |
| CVE-2025-10856 | High | 8.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows Fi… | ✅ Patch | January 22, 2026 |
| CVE-2026-24010 | High | 8.0 | Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versi… | ⚡ Exploit ✅ Patch | January 22, 2026 |
| CVE-2026-24129 | High | 8.0 | Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versi… | ⚡ Exploit ✅ Patch | January 22, 2026 |
| CVE-2026-1260 | High | 7.8 | Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created… | ✅ Patch | January 22, 2026 |
| CVE-2026-1330 | High | 7.5 | MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote at… | ✅ Patch | January 22, 2026 |
| CVE-2026-21520 | High | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view s… | ✅ Patch | January 22, 2026 |
| CVE-2025-10024 | High | 7.5 | Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Educatio… | ✅ Patch | January 22, 2026 |
| CVE-2025-10855 | High | 7.5 | Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows E… | ✅ Patch | January 22, 2026 |
| CVE-2026-21521 | High | 7.4 | Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose inf… | ✅ Patch | January 22, 2026 |
| CVE-2026-21524 | High | 7.4 | Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to dis… | ✅ Patch | January 22, 2026 |
| CVE-2026-23988 | High | 7.3 | Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condit… | ⚡ Exploit ✅ Patch | January 22, 2026 |
| CVE-2025-67684 | High | 7.2 | Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart … | ✅ Patch | January 22, 2026 |
| CVE-2026-0533 | High | 7.1 | A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by… | ✅ Patch | January 22, 2026 |
| CVE-2026-0534 | High | 7.1 | A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site … | ✅ Patch | January 22, 2026 |
| CVE-2026-0535 | High | 7.1 | A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cros… | ✅ Patch | January 22, 2026 |
| CVE-2026-20045 | Critical | 9.0 | Cisco Unified Communications Products Code Injection Vulnerability — Cisco Unified Communications Manager (Unified CM), … | ⚡ Exploit ✅ Patch | January 21, 2026 |
| CVE-2026-0834 | High | 8.8 | Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attack… | ✅ Patch | January 21, 2026 |
| CVE-2026-22822 | High | 8.8 | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernete… | ✅ Patch | January 21, 2026 |