🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2026-34794 | مرتفع | 8.8 |
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet…
|
— | أبريل 2, 2026 |
| CVE-2026-34795 | مرتفع | 8.8 |
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet…
|
— | أبريل 2, 2026 |
| CVE-2026-5349 | مرتفع | 8.8 |
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file…
|
⚡ Exploit | أبريل 2, 2026 |
| CVE-2026-34792 | مرتفع | 8.8 |
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet…
|
— | أبريل 2, 2026 |
| CVE-2026-34121 | مرتفع | 8.8 |
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v…
|
— | أبريل 2, 2026 |
| CVE-2026-34728 | مرتفع | 8.7 |
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl…
|
⚡ Exploit | أبريل 2, 2026 |
| CVE-2026-4347 | مرتفع | 8.1 |
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via …
|
— | أبريل 2, 2026 |
| CVE-2026-34742 | مرتفع | 8.1 |
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does no…
|
✅ Patch | أبريل 2, 2026 |
| CVE-2026-34576 | مرتفع | 7.7 |
Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint acce…
|
⚡ Exploit | أبريل 2, 2026 |
| CVE-2026-34426 | مرتفع | 7.6 |
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment varia…
|
✅ Patch | أبريل 2, 2026 |
| CVE-2026-5032 | مرتفع | 7.5 |
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.…
|
— | أبريل 2, 2026 |
| CVE-2026-33951 | مرتفع | 7.5 |
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the Signal…
|
— | أبريل 2, 2026 |
| CVE-2026-33616 | مرتفع | 7.5 |
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpo…
|
— | أبريل 2, 2026 |
| CVE-2026-34752 | مرتفع | 7.5 |
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the H…
|
⚡ Exploit | أبريل 2, 2026 |
| CVE-2026-33614 | مرتفع | 7.5 |
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint du…
|
— | أبريل 2, 2026 |
| CVE-2026-5244 | مرتفع | 7.3 |
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mo…
|
— | أبريل 2, 2026 |
| CVE-2026-5320 | مرتفع | 7.3 |
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality o…
|
— | أبريل 2, 2026 |
| CVE-2026-5334 | مرتفع | 7.3 |
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file…
|
— | أبريل 2, 2026 |
| CVE-2026-5346 | مرتفع | 7.3 |
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src…
|
— | أبريل 2, 2026 |
| CVE-2026-5322 | مرتفع | 7.3 |
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69…
|
— | أبريل 2, 2026 |