🛡️ Vulnerability Information Center
Up-to-date database of security vulnerabilities and threats
| ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-22187 | High | 7.8 | Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization ca… | ✅ Patch | January 7, 2026 |
| CVE-2025-11877 | High | 7.5 | The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed… | ✅ Patch | January 7, 2026 |
| CVE-2025-13493 | High | 7.5 | The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, a… | ✅ Patch | January 7, 2026 |
| CVE-2025-13801 | High | 7.5 | The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via t… | ✅ Patch | January 7, 2026 |
| CVE-2025-14070 | High | 7.5 | The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check … | ✅ Patch | January 7, 2026 |
| CVE-2025-69262 | High | 7.5 | pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment… | ⚡ Exploit ✅ Patch | January 7, 2026 |
| CVE-2025-69263 | High | 7.5 | pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the l… | ⚡ Exploit ✅ Patch | January 7, 2026 |
| CVE-2026-21441 | High | 7.5 | urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HT… | ✅ Patch | January 7, 2026 |
| CVE-2026-22190 | High | 7.5 | Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (g… | ⚡ Exploit ✅ Patch | January 7, 2026 |
| CVE-2026-21856 | High | 7.2 | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992… | ⚡ Exploit ✅ Patch | January 7, 2026 |
| CVE-2025-14835 | High | 7.1 | The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ paramet… | ✅ Patch | January 7, 2026 |
| CVE-2026-22186 | High | 7.1 | Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsyst… | ✅ Patch | January 7, 2026 |
| CVE-2020-36910 | High | 8.8 | Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard… | ✅ Patch | January 6, 2026 |
| CVE-2025-15382 | High | 8.1 | A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote att… | ✅ Patch | January 6, 2026 |
| CVE-2025-12793 | High | 7.8 | An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the ap… | ✅ Patch | January 6, 2026 |
| CVE-2025-36589 | High | 7.6 | Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vul… | ✅ Patch | January 6, 2026 |
| CVE-2020-36905 | High | 7.5 | FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows… | ✅ Patch | January 6, 2026 |
| CVE-2020-36907 | High | 7.5 | Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to … | ✅ Patch | January 6, 2026 |
| CVE-2020-36914 | High | 7.5 | QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote atta… | ✅ Patch | January 6, 2026 |
| CVE-2020-36917 | High | 7.5 | iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote atta… | ✅ Patch | January 6, 2026 |