62
ثغرة
1
تهديد
0
خبر
5
حرجة
5
CISA KEV
🛡 الثغرات الأمنية (CVE)
CVE-2014-4123
Microsoft Internet Explorer Privilege Escalation Vulnerability — Microsoft Internet Explorer contains an unspecified vul
11:01 KSA
Microsoft Internet Explorer Privilege Escalation Vulnerability — Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
CVE-2014-4148
Microsoft Windows Remote Code Execution Vulnerability — A remote code execution vulnerability exists when the Windows ke
11:01 KSA
Microsoft Windows Remote Code Execution Vulnerability — A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.
CVE-2014-4404
Apple OS X Heap-Based Buffer Overflow Vulnerability — Heap-based buffer overflow in IOHIDFamily in Apple OS X, which aff
11:01 KSA
Apple OS X Heap-Based Buffer Overflow Vulnerability — Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
CVE-2014-6271
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability — GNU Bash through 4.3 processes trailing strings a
11:01 KSA
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.
CVE-2014-4114
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability — A vulnerability exists in Windo
11:01 KSA
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability — A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
CVE-2026-4558
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartCo
11:22 KSA
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be lau…
CVE-2026-4555
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the f
11:22 KSA
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated …
CVE-2026-4553
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit
11:22 KSA
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely…
CVE-2026-4552
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform
11:22 KSA
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be perfor…
CVE-2026-4551
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the fil
11:22 KSA
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow…
CVE-2026-4535
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file
11:22 KSA
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been discl…
CVE-2026-4534
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet.
11:22 KSA
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-4314
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all ver
11:22 KSA
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequest()` method in the Menu Editor module using an insecure `strpos()` check agains…
CVE-2019-25608
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary
11:22 KSA
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after back…
CVE-2019-25619
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local atta
11:22 KSA
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dial…
CVE-2019-25615
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local att
11:22 KSA
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data…
CVE-2019-25611
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to e
11:22 KSA
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack bu…
CVE-2019-25607
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers t
11:22 KSA
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer a…
CVE-2019-25609
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration fiel
11:22 KSA
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory…
CVE-2019-25603
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers t
11:22 KSA
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH ha…
CVE-2019-25604
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local a
11:22 KSA
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds t…
CVE-2019-25612
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local a
11:22 KSA
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the Sy…
CVE-2019-25613
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by
11:22 KSA
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an …
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials
11:22 KSA
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password func…
CVE-2026-4536
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown proces
11:22 KSA
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The ve…
CVE-2026-4546
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextSha
11:22 KSA
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of comple…
CVE-2026-4545
A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PR
11:22 KSA
A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high c…
CVE-2019-25600
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by sup
09:54 KSA
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field an…
CVE-2019-25610
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users
09:54 KSA
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../…
CVE-2026-3427
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-
09:54 KSA
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. T…
CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
09:54 KSA
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
CVE-2026-4543
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin
09:54 KSA
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to…
CVE-2026-4548
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function
09:54 KSA
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launch…
CVE-2026-4554
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the f
09:54 KSA
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been r…
CVE-2026-4533
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown fu
09:54 KSA
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exp…
CVE-2019-25587
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration paramete
09:54 KSA
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and…
CVE-2019-25586
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplyi
09:54 KSA
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an …
CVE-2019-25585
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplyi
09:54 KSA
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an ap…
CVE-2019-25588
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local
09:54 KSA
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a bu…
CVE-2019-25589
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local at
09:54 KSA
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a…
CVE-2019-25584
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local
09:54 KSA
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field …
CVE-2019-25583
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash
09:54 KSA
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an ap…
CVE-2019-25616
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application b
09:54 KSA
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
CVE-2019-25592
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supply
09:54 KSA
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to tr…
CVE-2019-25618
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by su
09:54 KSA
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the compari…
CVE-2019-25617
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local atta
09:54 KSA
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the…
CVE-2019-25591
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field tha
09:54 KSA
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious reg…
CVE-2019-25594
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by su
09:54 KSA
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table c…
CVE-2019-25595
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the applicati
09:54 KSA
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open U…
CVE-2019-25596
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to c
09:54 KSA
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input duri…
CVE-2019-25590
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash
09:54 KSA
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characte…
CVE-2019-25601
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows
09:54 KSA
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Prop…
CVE-2019-25599
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the applicatio
09:54 KSA
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to t…
CVE-2019-25598
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the applic
09:54 KSA
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL …
CVE-2019-25597
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attacke
09:54 KSA
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function …
CVE-2019-25602
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by input
09:54 KSA
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to…
CVE-2019-25593
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by su
09:54 KSA
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then …
CVE-2019-25606
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the applicat
09:54 KSA
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the …
CVE-2026-4542
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageControl
09:54 KSA
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote…
CVE-2026-4538
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loadi
09:54 KSA
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be…
CVE-2026-4532
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vuln
09:54 KSA
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories ac…
CVE-2026-4530
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/tex
09:54 KSA
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The ex…
⚠️ استخبارات التهديدات
1 تهديد
rss:Dark Reading
—
06:11 KSA
<strong>الذكاء الاصطناعي يهيمن على مسابقة الابتكار في مؤتمر RSAC</strong>
تتنافس عشر شركات ناشئة في مجال الأمن السيبراني في مسابقة الابتكار بمؤتمر RSAC، مع هيمنة الحلول المعتمدة على الذكاء الاصطناعي. يقدم كل متأهل للنهائي تقنيته الأمنية المبتكرة في عرض مدته ثلاث دقائق لإظهار الا…
📰 أخبار الأمن السيبراني
0 مقال
لا توجد أخبار مجمّعة اليوم حتى الآن
يتم تحديث هذه النشرة تلقائياً يومياً — آخر تحديث: 22 Mar 2026
أرشيف الثغرات ·
التهديدات ·
الأخبار