🛡️ Vulnerability Information Center
Updated database of security vulnerabilities and threats
| ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-35650 | High | 7.5 | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypa… | ✅ Patch | April 10, 2026 |
| CVE-2026-40073 | High | 7.5 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under… | ✅ Patch | April 10, 2026 |
| CVE-2026-3360 | High | 7.5 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Ref… | — | April 10, 2026 |
| CVE-2026-6024 | High | 7.3 | A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfu… | — | April 10, 2026 |
| CVE-2026-6037 | High | 7.3 | A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function… | — | April 10, 2026 |
| CVE-2026-6038 | High | 7.3 | A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function… | — | April 10, 2026 |
| CVE-2026-6004 | High | 7.3 | A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the fil… | — | April 10, 2026 |
| CVE-2026-6036 | High | 7.3 | A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown fu… | — | April 10, 2026 |
| CVE-2026-6031 | High | 7.3 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the … | — | April 10, 2026 |
| CVE-2026-29002 | High | 7.2 | CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin … | ⚡ Exploit | April 10, 2026 |
| CVE-2026-33704 | High | 7.1 | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arb… | ✅ Patch | April 10, 2026 |
| CVE-2026-4162 | High | 7.1 | The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. Th… | — | April 10, 2026 |
| CVE-2026-35621 | Medium | 6.5 | OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validat… | — | April 10, 2026 |
| CVE-2026-35652 | Medium | 6.5 | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows no… | — | April 10, 2026 |
| CVE-2026-35657 | Medium | 6.5 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route… | — | April 10, 2026 |
| CVE-2021-47960 | Medium | 6.5 | A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows … | — | April 10, 2026 |
| CVE-2026-35658 | Medium | 6.5 | OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools… | — | April 10, 2026 |
| CVE-2026-35649 | Medium | 6.5 | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny… | — | April 10, 2026 |
| CVE-2026-35656 | Medium | 6.5 | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when … | — | April 10, 2026 |
| CVE-2026-2305 | Medium | 6.4 | The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_cod… | — | April 10, 2026 |