🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2026-23512 | مرتفع | 8.6 |
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability wh…
|
⚡ Exploit ✅ Patch | يناير 14, 2026 |
| CVE-2026-22856 | مرتفع | 8.1 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP threa…
|
⚡ Exploit ✅ Patch | يناير 14, 2026 |
| CVE-2025-13455 | مرتفع | 7.8 |
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass T…
|
✅ Patch | يناير 14, 2026 |
| CVE-2025-12166 | مرتفع | 7.5 |
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to bli…
|
✅ Patch | يناير 14, 2026 |
| CVE-2025-14770 | مرتفع | 7.5 |
The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions…
|
✅ Patch | يناير 14, 2026 |
| CVE-2026-21889 | مرتفع | 7.5 |
Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server…
|
✅ Patch | يناير 14, 2026 |
| CVE-2026-22240 | مرتفع | 7.5 |
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unau…
|
✅ Patch | يناير 14, 2026 |
| CVE-2026-23498 | مرتفع | 7.2 |
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array a…
|
✅ Patch | يناير 14, 2026 |
| CVE-2025-14613 | مرتفع | 7.2 |
The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and inclu…
|
✅ Patch | يناير 14, 2026 |
| CVE-2025-15266 | مرتفع | 7.2 |
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Sto…
|
✅ Patch | يناير 14, 2026 |
| CVE-2025-15283 | مرتفع | 7.2 |
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' and …
|
✅ Patch | يناير 14, 2026 |
| CVE-2025-15378 | مرتفع | 7.2 |
The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_list_class' and 'popup…
|
✅ Patch | يناير 14, 2026 |
| CVE-2025-14615 | مرتفع | 7.1 |
The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request …
|
✅ Patch | يناير 14, 2026 |
| CVE-2026-0500 | حرج | 9.6 |
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthe…
|
✅ Patch | يناير 13, 2026 |
| CVE-2026-0498 | حرج | 9.1 |
SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the fu…
|
✅ Patch | يناير 13, 2026 |
| CVE-2026-20805 | حرج | 9.0 |
Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an informati…
|
⚡ Exploit ✅ Patch | يناير 13, 2026 |
| CVE-2026-20947 | مرتفع | 8.8 |
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allo…
|
✅ Patch | يناير 13, 2026 |
| CVE-2026-20963 | مرتفع | 8.8 |
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a ne…
|
✅ Patch | يناير 13, 2026 |
| CVE-2022-50909 | مرتفع | 8.8 |
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows…
|
✅ Patch | يناير 13, 2026 |
| CVE-2022-50936 | مرتفع | 8.8 |
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload mal…
|
⚡ Exploit ✅ Patch | يناير 13, 2026 |