🛡️ Vulnerability Information Center
Updated database of security vulnerabilities and threats
| ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2025-15055 | High | 7.2 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' … | ✅ Patch | January 9, 2026 |
| CVE-2025-15057 | High | 7.2 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) para… | ✅ Patch | January 9, 2026 |
| CVE-2025-66052 | High | 7.2 | Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "… | ✅ Patch | January 9, 2026 |
| CVE-2019-25289 | High | 8.8 | SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary throug… | ✅ Patch | January 8, 2026 |
| CVE-2026-22042 | High | 8.8 | RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API v… | ⚡ Exploit ✅ Patch | January 8, 2026 |
| CVE-2019-25231 | High | 8.4 | devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows loca… | ✅ Patch | January 8, 2026 |
| CVE-2026-22035 | High | 7.7 | Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection … | ⚡ Exploit ✅ Patch | January 8, 2026 |
| CVE-2026-22245 | High | 7.5 | Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbou… | ✅ Patch | January 8, 2026 |
| CVE-2019-25279 | High | 7.5 | FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to acce… | ⚡ Exploit ✅ Patch | January 8, 2026 |
| CVE-2019-25291 | High | 7.5 | INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that ca… | ✅ Patch | January 8, 2026 |
| CVE-2025-68151 | High | 7.5 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTT… | ✅ Patch | January 8, 2026 |
| CVE-2025-14436 | High | 7.2 | The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’… | ✅ Patch | January 8, 2026 |
| CVE-2026-22241 | High | 7.2 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, … | ⚡ Exploit ✅ Patch | January 8, 2026 |
| CVE-2026-22244 | High | 7.2 | OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server… | ⚡ Exploit ✅ Patch | January 8, 2026 |
| CVE-2025-69222 | Critical | 9.1 | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF… | ⚡ Exploit ✅ Patch | January 7, 2026 |
| CVE-2009-0556 | Critical | 9.0 | Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnera… | ⚡ Exploit ✅ Patch | January 7, 2026 |
| CVE-2025-37164 | Critical | 9.0 | Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contain… | ⚡ Exploit ✅ Patch | January 7, 2026 |
| CVE-2025-15158 | High | 8.8 | The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in … | ✅ Patch | January 7, 2026 |
| CVE-2025-13371 | High | 8.6 | The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including… | ✅ Patch | January 7, 2026 |
| CVE-2026-0656 | High | 8.2 | The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions … | ✅ Patch | January 7, 2026 |