🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2026-28213 | حرج | 9.8 |
EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password"…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-27510 | حرج | 9.6 |
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.dogg…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-28215 | حرج | 9.1 |
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overw…
|
⚡ Exploit ✅ Patch | فبراير 26, 2026 |
| CVE-2026-22206 | مرتفع | 8.8 |
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to exe…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-1565 | مرتفع | 8.8 |
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordP…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-1311 | مرتفع | 8.8 |
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 …
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-26938 | مرتفع | 8.6 |
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which cou…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-3071 | مرتفع | 8.4 |
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to ar…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-28216 | مرتفع | 8.3 |
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify o…
|
⚡ Exploit ✅ Patch | فبراير 26, 2026 |
| CVE-2025-71057 | مرتفع | 8.2 |
Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a s…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-1779 | مرتفع | 8.1 |
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and in…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-23750 | مرتفع | 8.1 |
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certific…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-27509 | مرتفع | 8.0 |
Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorizati…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-25191 | مرتفع | 7.8 |
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-23703 | مرتفع | 7.8 |
The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability.…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-26682 | مرتفع | 7.8 |
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java compo…
|
⚡ Exploit ✅ Patch | فبراير 26, 2026 |
| CVE-2026-28211 | مرتفع | 7.8 |
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability …
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-28136 | مرتفع | 7.6 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS …
|
✅ Patch | فبراير 26, 2026 |
| CVE-2025-14343 | مرتفع | 7.6 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft T…
|
✅ Patch | فبراير 26, 2026 |
| CVE-2026-22205 | مرتفع | 7.5 |
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows una…
|
✅ Patch | فبراير 26, 2026 |