🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2026-4352 | مرتفع | 7.5 |
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endp…
|
— | أبريل 14, 2026 |
| CVE-2026-32203 | مرتفع | 7.5 |
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
|
— | أبريل 14, 2026 |
| CVE-2026-32178 | مرتفع | 7.5 |
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
|
— | أبريل 14, 2026 |
| CVE-2026-24032 | مرتفع | 7.3 |
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains a…
|
— | أبريل 14, 2026 |
| CVE-2026-3017 | مرتفع | 7.2 |
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to P…
|
— | أبريل 14, 2026 |
| CVE-2026-4388 | مرتفع | 7.2 |
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box…
|
— | أبريل 14, 2026 |
| CVE-2026-6227 | مرتفع | 7.2 |
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/…
|
— | أبريل 14, 2026 |
| CVE-2026-34256 | مرتفع | 7.1 |
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacke…
|
— | أبريل 14, 2026 |
| CVE-2026-4345 | مرتفع | 7.1 |
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripti…
|
— | أبريل 14, 2026 |
| CVE-2026-4369 | مرتفع | 7.1 |
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and…
|
— | أبريل 14, 2026 |
| CVE-2026-33892 | مرتفع | 7.1 |
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial…
|
— | أبريل 14, 2026 |
| CVE-2026-32188 | مرتفع | 7.1 |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
|
— | أبريل 14, 2026 |
| CVE-2026-4344 | مرتفع | 7.1 |
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked…
|
— | أبريل 14, 2026 |
| CVE-2026-32080 | مرتفع | 7.0 |
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
|
— | أبريل 14, 2026 |
| CVE-2026-32224 | مرتفع | 7.0 |
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
|
— | أبريل 14, 2026 |
| CVE-2026-32195 | مرتفع | 7.0 |
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
— | أبريل 14, 2026 |
| CVE-2026-6135 | مرتفع | 8.8 |
A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the fi…
|
— | أبريل 13, 2026 |
| CVE-2026-6157 | مرتفع | 8.8 |
A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig …
|
— | أبريل 13, 2026 |
| CVE-2026-6168 | مرتفع | 8.8 |
A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of …
|
— | أبريل 13, 2026 |
| CVE-2026-6137 | مرتفع | 8.8 |
A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the…
|
— | أبريل 13, 2026 |