🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2016-20053 | متوسط | 5.3 |
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create admin…
|
— | أبريل 4, 2026 |
| CVE-2025-14938 | متوسط | 5.3 |
The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and …
|
— | أبريل 4, 2026 |
| CVE-2026-26135 | حرج | 9.6 |
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to ele…
|
— | أبريل 3, 2026 |
| CVE-2026-32211 | حرج | 9.1 |
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information…
|
— | أبريل 3, 2026 |
| CVE-2025-59710 | مرتفع | 8.8 |
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the …
|
— | أبريل 3, 2026 |
| CVE-2026-25044 | مرتفع | 8.8 |
Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided c…
|
— | أبريل 3, 2026 |
| CVE-2026-32173 | مرتفع | 8.6 |
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
|
— | أبريل 3, 2026 |
| CVE-2015-10148 | مرتفع | 8.2 |
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical…
|
— | أبريل 3, 2026 |
| CVE-2016-15058 | مرتفع | 8.1 |
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior t…
|
— | أبريل 3, 2026 |
| CVE-2026-22665 | مرتفع | 8.1 |
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and…
|
— | أبريل 3, 2026 |
| CVE-2026-22661 | مرتفع | 8.1 |
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attacker…
|
— | أبريل 3, 2026 |
| CVE-2026-4350 | مرتفع | 8.1 |
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, …
|
— | أبريل 3, 2026 |
| CVE-2026-22664 | مرتفع | 7.7 |
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling…
|
— | أبريل 3, 2026 |
| CVE-2026-22663 | مرتفع | 7.5 |
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate che…
|
— | أبريل 3, 2026 |
| CVE-2020-37216 | مرتفع | 7.5 |
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet…
|
— | أبريل 3, 2026 |
| CVE-2022-4987 | مرتفع | 7.3 |
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of…
|
— | أبريل 3, 2026 |
| CVE-2026-27655 | مرتفع | 7.3 |
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on M…
|
— | أبريل 3, 2026 |
| CVE-2026-3880 | مرتفع | 7.3 |
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client P…
|
— | أبريل 3, 2026 |
| CVE-2026-3879 | مرتفع | 7.3 |
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Deta…
|
— | أبريل 3, 2026 |
| CVE-2026-4108 | مرتفع | 7.3 |
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Perm…
|
— | أبريل 3, 2026 |