🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2026-34545 | مرتفع | 7.3 |
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the …
|
⚡ Exploit ✅ Patch | أبريل 1, 2026 |
| CVE-2026-0932 | مرتفع | 7.3 |
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in…
|
— | أبريل 1, 2026 |
| CVE-2026-20151 | مرتفع | 7.3 |
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated,…
|
— | أبريل 1, 2026 |
| CVE-2026-35056 | مرتفع | 7.2 |
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. …
|
— | أبريل 1, 2026 |
| CVE-2026-34603 | مرتفع | 7.1 |
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal…
|
✅ Patch | أبريل 1, 2026 |
| CVE-2026-34604 | مرتفع | 7.1 |
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containmen…
|
✅ Patch | أبريل 1, 2026 |
| CVE-2026-20097 | متوسط | 6.5 |
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with ad…
|
— | أبريل 1, 2026 |
| CVE-2026-20096 | متوسط | 6.5 |
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with ad…
|
— | أبريل 1, 2026 |
| CVE-2025-36375 | متوسط | 6.5 |
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and I…
|
— | أبريل 1, 2026 |
| CVE-2026-30522 | متوسط | 6.5 |
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati…
|
⚡ Exploit | أبريل 1, 2026 |
| CVE-2026-20042 | متوسط | 6.5 |
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encrypt…
|
— | أبريل 1, 2026 |
| CVE-2026-35000 | متوسط | 6.5 |
ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementa…
|
— | أبريل 1, 2026 |
| CVE-2026-4668 | متوسط | 6.5 |
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `s…
|
— | أبريل 1, 2026 |
| CVE-2026-20095 | متوسط | 6.5 |
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with ad…
|
— | أبريل 1, 2026 |
| CVE-2025-13535 | متوسط | 6.4 |
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Sc…
|
— | أبريل 1, 2026 |
| CVE-2026-35057 | متوسط | 6.4 |
XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, …
|
⚡ Exploit | أبريل 1, 2026 |
| CVE-2026-35054 | متوسط | 6.4 |
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can in…
|
— | أبريل 1, 2026 |
| CVE-2026-1879 | متوسط | 6.3 |
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the fil…
|
— | أبريل 1, 2026 |
| CVE-2026-5259 | متوسط | 6.3 |
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the…
|
— | أبريل 1, 2026 |
| CVE-2026-5248 | متوسط | 6.3 |
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app…
|
— | أبريل 1, 2026 |