🛡️ Vulnerability Information Center
Updated database of security vulnerabilities and threats
| ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-5368 | High | 7.3 | A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of t… | — | April 2, 2026 |
| CVE-2026-5244 | High | 7.3 | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mo… | — | April 2, 2026 |
| CVE-2026-5320 | High | 7.3 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality o… | — | April 2, 2026 |
| CVE-2026-33613 | High | 7.2 | Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulne… | — | April 2, 2026 |
| CVE-2026-29782 | High | 7.2 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, th… | ⚡ Exploit ✅ Patch | April 2, 2026 |
| CVE-2026-0686 | High | 7.2 | The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5… | — | April 2, 2026 |
| CVE-2026-34790 | High | 7.1 | Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in … | — | April 2, 2026 |
| CVE-2026-34570 | High | 8.8 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati… | ⚡ Exploit | April 1, 2026 |
| CVE-2026-24096 | High | 8.8 | Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5… | — | April 1, 2026 |
| CVE-2025-71278 | High | 8.8 | XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using O… | — | April 1, 2026 |
| CVE-2026-0522 | High | 8.8 | A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated att… | ⚡ Exploit | April 1, 2026 |
| CVE-2026-20094 | High | 8.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with re… | — | April 1, 2026 |
| CVE-2026-35091 | High | 8.2 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Co… | ⚡ Exploit | April 1, 2026 |
| CVE-2026-4101 | High | 8.1 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 … | — | April 1, 2026 |
| CVE-2026-5282 | High | 8.1 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of … | — | April 1, 2026 |
| CVE-2026-20155 | High | 8.0 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow a… | — | April 1, 2026 |
| CVE-2026-5271 | High | 7.8 | pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current… | ⚡ Exploit | April 1, 2026 |
| CVE-2025-13855 | High | 7.6 | IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could… | — | April 1, 2026 |
| CVE-2026-34543 | High | 7.5 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the … | ⚡ Exploit ✅ Patch | April 1, 2026 |
| CVE-2025-71282 | High | 7.5 | XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This … | — | April 1, 2026 |