179 vulnerabilities · 41 threats · 0 news items · 5 critical · 5 CISA KEV
🛡 Security Vulnerabilities (CVE)
CVE-2014-7169
11:01 KSA
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability…
CVE-2014-8361
11:01 KSA
Realtek SDK Improper Input Validation Vulnerability — Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.
CVE-2014-8439
11:01 KSA
Adobe Flash Player Dereferenced Pointer Vulnerability — Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
CVE-2014-9163
11:01 KSA
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability — Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
CVE-2015-0016
11:01 KSA
Microsoft Windows TS WebProxy Directory Traversal Vulnerability — Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.
CVE-2019-25647
06:54 KSA
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint…
CVE-2025-41660
11:22 KSA
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
CVE-2026-30932
23:54 KSA
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and …
CVE-2026-33336
21:55 KSA
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables `nodeIntegration` in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place…
CVE-2026-3533
11:22 KSA
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it …
CVE-2026-4639
11:22 KSA
Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.
CVE-2026-4687
06:54 KSA
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4690
06:54 KSA
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2019-25626
11:22 KSA
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed…
CVE-2019-25627
11:22 KSA
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and S…
CVE-2019-25629
11:22 KSA
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monito…
CVE-2019-25631
11:22 KSA
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name fie…
CVE-2019-25633
11:22 KSA
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads int…
CVE-2019-25634
11:22 KSA
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH cha…
CVE-2019-25637
11:22 KSA
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and exe…
CVE-2019-25635
11:22 KSA
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive dat…
CVE-2019-25636
11:22 KSA
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php…
CVE-2019-25639
11:22 KSA
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, r…
CVE-2019-25640
11:22 KSA
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive dat…
CVE-2019-25641
11:22 KSA
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_passw…
CVE-2019-25642
11:22 KSA
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subjec…
CVE-2019-25643
06:54 KSA
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid p…
CVE-2026-27654
18:01 KSA
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or des…
CVE-2026-32853
21:55 KSA
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checkin…
CVE-2026-33668
21:55 KSA
Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — A…
CVE-2026-4021
11:22 KSA
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in `users-registry-check-after-email-or-pin-confirmation.php` using the…
CVE-2026-4718
18:01 KSA
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-33335
21:55 KSA
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from `window.open()` calls directly to `shell.openExternal()` without any validation or protocol allowlisting. A…
CVE-2025-33247
23:54 KSA
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33248
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information dis…
CVE-2026-24150
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, a…
CVE-2026-24151
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and dat…
CVE-2026-24152
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, a…
CVE-2026-27784
18:01 KSA
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX…
CVE-2026-32647
18:01 KSA
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 fil…
CVE-2026-32948
23:54 KSA
sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to thes…
CVE-2026-4775
18:01 KSA
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer …
CVE-2026-27651
18:01 KSA
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by retu…
CVE-2026-30653
18:01 KSA
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF.
CVE-2026-32854
21:55 KSA
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. A…
CVE-2026-33174
11:22 KSA
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sendi…
CVE-2026-33176
11:22 KSA
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which `BigDecimal` expands …
CVE-2026-33241
11:22 KSA
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) condit…
CVE-2026-33306
23:54 KSA
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 t…
CVE-2026-33332
23:54 KSA
NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file() and app.add_media_files() media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implem…
CVE-2026-33497
18:01 KSA
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which a…
CVE-2026-33498
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang th…
CVE-2026-33508
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocke…
CVE-2026-33509
23:54 KSA
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.s…
CVE-2026-33538
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider na…
CVE-2026-3509
11:22 KSA
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
CVE-2026-4640
11:22 KSA
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.
CVE-2026-4662
11:22 KSA
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled i…
CVE-2026-4685
06:54 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4686
06:54 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4693
06:54 KSA
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4694
06:54 KSA
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4695
06:54 KSA
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4697
06:54 KSA
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4699
06:54 KSA
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4704
06:54 KSA
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4706
06:54 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4707
18:01 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4708
18:01 KSA
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4709
18:01 KSA
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4712
18:01 KSA
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4713
18:01 KSA
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4714
18:01 KSA
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4719
18:01 KSA
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4726
18:01 KSA
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVE-2026-4727
18:01 KSA
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVE-2026-4613
11:22 KSA
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be…
CVE-2026-4615
11:22 KSA
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to SQL injection. The attack may be performed remotely. The exploit is publicly available an…
CVE-2026-4617
11:22 KSA
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper …
CVE-2026-4623
11:22 KSA
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument ur…
CVE-2026-4624
11:22 KSA
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in SQL injection. The attack ca…
CVE-2026-4625
11:22 KSA
A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to SQL injection. The attack can be launched remotely. The exploit has been published and m…
CVE-2026-4632
11:22 KSA
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack ma…
CVE-2026-33157
21:55 KSA
Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RCE) vulnerability exists in Craft CMS; it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing …
CVE-2026-33539
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.59 and 9.6.0-alpha.53, an attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters …
CVE-2026-4627
11:22 KSA
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This v…
CVE-2019-25638
11:22 KSA
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL pay…
CVE-2019-25574
09:54 KSA
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-enc…
CVE-2019-25582
09:54 KSA
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths…
CVE-2019-25600
09:54 KSA
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field an…
CVE-2019-25610
09:54 KSA
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../…
CVE-2025-10736
09:54 KSA
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and incl…
CVE-2025-6229
09:54 KSA
The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Fancy Text Widget` And `Countdown Wid…
CVE-2025-71276
09:54 KSA
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories.
CVE-2026-3427
09:54 KSA
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. T…
CVE-2026-4513
09:54 KSA
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public a…
CVE-2026-4514
09:54 KSA
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The atta…
CVE-2026-4515
09:54 KSA
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been discl…
CVE-2026-4516
09:54 KSA
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely.…
CVE-2026-4533
09:54 KSA
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exp…
CVE-2026-4543
09:54 KSA
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to…
CVE-2026-4548
09:54 KSA
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launch…
CVE-2026-4554
09:54 KSA
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been r…
CVE-2026-4568
09:54 KSA
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remot…
CVE-2026-4569
09:54 KSA
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of th…
CVE-2026-4570
09:54 KSA
A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be execu…
CVE-2026-4571
09:54 KSA
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results …
CVE-2026-4572
09:54 KSA
A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injec…
CVE-2026-4573
09:54 KSA
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection…
CVE-2026-4574
09:54 KSA
A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. Th…
CVE-2026-4586
09:54 KSA
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upl…
CVE-2026-4589
09:54 KSA
A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side r…
CVE-2019-25544
09:54 KSA
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when j…
CVE-2019-25545
09:54 KSA
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' …
CVE-2019-25546
09:54 KSA
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when …
CVE-2019-25547
09:54 KSA
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and …
CVE-2019-25548
09:54 KSA
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to…
CVE-2019-25549
09:54 KSA
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fiel…
CVE-2019-25550
09:54 KSA
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog …
CVE-2019-25551
09:54 KSA
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' f…
CVE-2019-25553
09:54 KSA
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import funct…
CVE-2019-25555
09:54 KSA
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the D…
CVE-2019-25556
09:54 KSA
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to tri…
CVE-2019-25557
09:54 KSA
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player…
CVE-2019-25558
09:54 KSA
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trig…
CVE-2019-25561
09:54 KSA
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of…
CVE-2019-25563
09:54 KSA
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer…
CVE-2019-25565
09:54 KSA
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Seria…
CVE-2019-25566
09:54 KSA
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume nam…
CVE-2019-25567
09:54 KSA
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input string. Attackers can trigger the vulnerability by pasting a crafted buffer exceed…
CVE-2019-25569
09:54 KSA
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string wit…
CVE-2019-25571
09:54 KSA
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of d…
CVE-2019-25572
09:54 KSA
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an app…
CVE-2019-25583
09:54 KSA
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an ap…
CVE-2019-25584
09:54 KSA
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field …
CVE-2019-25585
09:54 KSA
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an ap…
CVE-2019-25586
09:54 KSA
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an …
CVE-2019-25587
09:54 KSA
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and…
CVE-2019-25588
09:54 KSA
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a bu…
CVE-2019-25589
09:54 KSA
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a…
CVE-2019-25590
09:54 KSA
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characte…
CVE-2019-25591
09:54 KSA
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious reg…
CVE-2019-25592
09:54 KSA
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to tr…
CVE-2019-25594
09:54 KSA
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table c…
CVE-2019-25595
09:54 KSA
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open U…
CVE-2019-25596
09:54 KSA
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input duri…
CVE-2019-25597
09:54 KSA
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function …
CVE-2019-25598
09:54 KSA
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL …
CVE-2019-25599
09:54 KSA
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to t…
CVE-2019-25601
09:54 KSA
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Prop…
CVE-2019-25616
09:54 KSA
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
CVE-2019-25617
09:54 KSA
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the…
CVE-2019-25618
09:54 KSA
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the compari…
CVE-2019-25620
09:54 KSA
Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causi…
CVE-2019-25621
09:54 KSA
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to beco…
CVE-2019-25622
09:54 KSA
Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read i…
CVE-2019-25623
09:54 KSA
Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to pr…
CVE-2019-25624
09:54 KSA
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, cau…
CVE-2019-25625
09:54 KSA
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application t…
CVE-2026-4603
09:54 KSA
Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption)…
CVE-2019-25554
09:54 KSA
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when …
CVE-2019-25559
09:54 KSA
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registra…
CVE-2019-25562
09:54 KSA
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parame…
CVE-2019-25564
09:54 KSA
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an …
CVE-2019-25570
09:54 KSA
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the ope…
CVE-2019-25577
09:54 KSA
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend…
CVE-2019-25593
09:54 KSA
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then …
CVE-2019-25602
09:54 KSA
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to…
CVE-2019-25606
09:54 KSA
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the …
CVE-2026-4542
09:54 KSA
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote…
CVE-2025-10731
09:54 KSA
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it poss…
CVE-2025-10734
09:54 KSA
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for …
CVE-2025-13997
09:54 KSA
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML…
CVE-2026-4530
09:54 KSA
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in SQL injection. The attack requires a local approach. The ex…
CVE-2026-4532
09:54 KSA
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories ac…
CVE-2026-4538
09:54 KSA
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be…
CVE-2026-2756
09:54 KSA
A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is character…
CVE-2026-4582
09:54 KSA
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the loc…
CVE-2026-4583
09:54 KSA
A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the …
⚠️ Threat Intelligence
41 threats
rss:The Hacker News
—
06:13 KSA
<strong>Citrix urges patching of critical NetScaler flaw that allows unauthenticated data leakage</strong>
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and Gateway, including the critical CVE-2026-3055 (severity score 9.3), which allows unauthenticated attackers to leak sensitive data …
rss:SecurityWeek
—
06:12 KSA
<strong>Iran built a vast camera network to control dissent. Israel turned it into a targeting tool</strong>
Israel succeeded in compromising Iran's comprehensive surveillance camera network and using it as a weapon in targeting operations, including the assassination of Iran's Supreme Leader. This incident highlights the trend …
rss:BleepingComputer
—
06:10 KSA
<strong>Tycoon2FA phishing platform returns after recent police disruption</strong>
The Tycoon2FA phishing-as-a-service platform resumed full operations shortly after being disrupted by Europol on 4 March. The platform's rapid recovery shows the resilience of cybercrime infrastructure and the continuing threat to organizations.
rss:The Hacker News
—
05:43 KSA
<strong>US sentences Russian hacker to 6.75 years in prison for role in $9 million in ransomware damages</strong>
A 26-year-old Russian national was sentenced to 6.75 years in prison in the United States for helping major cybercrime groups, including the Yanluowang ransomware operators, in …
rss:The Hacker News
—
05:43 KSA
<strong>TeamPCP compromises Checkmarx's GitHub Actions using stolen CI credentials</strong>
The threat actor TeamPCP compromised two GitHub Actions workflows maintained by Checkmarx using credential-stealing malware. This attack follows their earlier supply-chain compromise of T…
rss:The Hacker News
—
05:43 KSA
<strong>Ghost campaign uses 7 npm packages to steal cryptocurrency wallets and credentials</strong>
Researchers discovered malicious npm packages in the Ghost campaign designed to steal cryptocurrency wallets and sensitive credentials. Seven packages published by the user 'mikilanjillo' target developers through the npm ecosystem, posing risks to …
rss:SecurityWeek
—
05:42 KSA
<strong>3.1 million affected by QualDerm data breach</strong>
QualDerm suffered a major data breach affecting 3.1 million individuals, in which intruders stole personal information, medical records and health insurance data from internal systems. This healthcare-sector breach highlights the risks to the sensitive data of …
rss:SecurityWeek
—
05:42 KSA
<strong>Webinar: Applying CIS Controls and Benchmarks in practice</strong>
An educational webinar focused on applying the Critical Security Controls and CIS Benchmarks for secure configuration management at enterprise scale. It offers guidance on standardizing security configurations across organizational infrastructure.
rss:SecurityWeek
—
05:42 KSA
<strong>Chrome 146 update addresses high-severity vulnerabilities</strong>
The Google Chrome 146 update addresses eight high-severity memory safety vulnerabilities across seven components. Organizations using Chrome should prioritize immediate deployment to prevent potential exploitation of these memory corruption flaws.
rss:Dark Reading
—
05:41 KSA
<strong>The new era of ransomware: moving at the speed of AI</strong>
Ransomware operators are using AI techniques to accelerate attacks and evade security controls. Attackers exploit legitimate credentials and focus on data theft, using AI to automate reconnaissance and …
rss:Dark Reading
—
05:41 KSA
<strong>AI in the security operations center: what could go wrong?</strong>
Two cybersecurity leaders ran a six-month experiment to test integrating AI into their security operations centers. The study revealed the practical challenges and lessons learned from applying automation …
rss:Dark Reading
—
05:41 KSA
<strong>Supply-chain attack on the Trivy tool targets CI/CD secrets</strong>
Attackers abused the open-source security tool Trivy to deploy information-stealing malware in CI/CD pipelines. The attack succeeded in stealing cloud credentials, SSH keys, authentication tokens and other sensitive secrets from development workflows …
rss:BleepingComputer
—
05:40 KSA
<strong>Mazda discloses security breach exposing employee and partner data</strong>
Mazda Motor Corporation disclosed a security incident, discovered in December, that exposed information belonging to employees and business partners. The breach affects a major automaker and highlights supply-chain security risks.
rss:BleepingComputer
—
05:40 KSA
<strong>OpenAI launches ChatGPT Library to store your personal files</strong>
OpenAI has launched a new ChatGPT feature called 'Library' that lets users store personal files and images on OpenAI's cloud storage for future reference. This raises considerations about data privacy …
rss:BleepingComputer
—
05:40 KSA
<strong>Dutch Ministry of Finance discloses breach affecting employees</strong>
The Dutch Ministry of Finance confirmed that it suffered a cyberattack, discovered last week, that compromised some of its systems. The incident affected employee data and represents a significant breach of a vital government financial institution.
rss:BleepingComputer
—
05:39 KSA
<strong>Access broker for Yanluowang ransomware gets 81 months in prison</strong>
A Russian national was sentenced to 81 months in prison for acting as an initial access broker for Yanluowang ransomware operations. The sentence demonstrates international law-enforcement cooperation against ransomware infrastructure and access brokers.
rss:BleepingComputer
—
05:39 KSA
<strong>Infinite Campus warns of breach after ShinyHunters claims data theft</strong>
Infinite Campus, the leading K-12 student information system, disclosed a data breach following extortion attempts by threat actors. The breach affects educational institutions and exposes sensitive student data to …
rss:BleepingComputer
—
05:39 KSA
<strong>HackerOne discloses employee data breach after Navia hack</strong>
The bug bounty platform HackerOne suffered a supply-chain breach affecting hundreds of employees after attackers compromised Navia, a US benefits administrator. The incident highlights third-party vendor risks in the security industry …
rss:The Hacker News
—
05:23 KSA
<strong>5 lessons from Gartner's first Market Guide for Guardian Agents</strong>
Gartner released its first Market Guide for guardian agents on 25 February 2026, marking an important milestone for this emerging category of cybersecurity technology. The guide defines the market for AI-powered security agents and gives organizations insights …
rss:The Hacker News
—
05:23 KSA
<strong>The hidden cost of cybersecurity specialization: loss of core skills</strong>
Despite increased specialization and advanced tooling in cybersecurity, organizations continue to struggle with basic security challenges. The article highlights how over-specialization leads to the loss of core skills, …
rss:The Hacker News
—
05:23 KSA
<strong>Hackers use fake résumés to steal corporate credentials and deploy cryptocurrency miners</strong>
An active phishing campaign targets French-speaking corporate environments using fake résumés containing heavily obfuscated VBScript files. The attack deploys cryptocurrency miners …
rss:SecurityWeek
—
05:23 KSA
<strong>Extortion group claims breach of AstraZeneca</strong>
The extortion group Lapsus$ claims to have breached AstraZeneca, compromising internal code repositories, employee credentials and sensitive employee data. This represents a major data breach targeting a large pharmaceutical company, with the potential exposure of …
rss:SecurityWeek
—
05:23 KSA
<strong>RSAC 2026 conference announcements summary (Day 1)</strong>
A summary of vendor announcements on the first day of the RSA 2026 conference. The article covers the new cybersecurity products, services and solutions presented by various security vendors at the industry's flagship event.
rss:SecurityWeek
—
05:23 KSA
<strong>Poland faces wave of cyberattacks in 2025, including a major attack on the energy sector</strong>
Poland faced a wave of cyberattacks in 2025, including a destructive breach of its energy infrastructure in December that is suspected of originating from Russia. The attacks targeted national infrastructure …
rss:Dark Reading
—
05:21 KSA
<strong>Microsoft proposes better identity controls and protection for AI agents</strong>
Microsoft introduced new security features to address emerging threats from agentic AI systems. The proposed controls focus on improving identity management and protection mechanisms to help organizations manage the risks …
rss:Dark Reading
—
05:21 KSA
<strong>How a major bank uses AI-powered digital twins to detect threats</strong>
JPMorgan Chase has implemented AI-powered digital twin and digital fingerprinting technology to strengthen its threat detection capabilities. This approach enables the bank to identify malicious actors and …
rss:Dark Reading
—
05:21 KSA
<strong>'OpenClaw Deployer' GitHub repository distributes malware instead of legitimate tools</strong>
A sophisticated AI-assisted campaign distributed more than 300 malicious software packages via GitHub, disguised as legitimate software including developer tools and gaming software. These packages pose …
rss:CISA Advisories
—
05:20 KSA
<strong>Vulnerabilities in the Schneider Electric Plant iT/Brewmaxx system</strong>
Serious vulnerabilities were discovered in Schneider Electric Plant iT/Brewmaxx version 9.60 and later that could allow privilege escalation and remote code execution. These vulnerabilities pose significant risks to industrial control systems and technology …
rss:BleepingComputer
—
05:20 KSA
<strong>Firefox launches free built-in VPN service with a 50 GB monthly limit</strong>
Mozilla released Firefox 149 with a built-in VPN feature that offers 50 GB per month to enhance user privacy. The tool aims to protect browsing activity and encrypt internet traffic for Firefox users.
rss:BleepingComputer
—
05:20 KSA
<strong>Microsoft fixes bug causing classic Outlook sync issues with Gmail</strong>
Microsoft fixed a bug affecting email synchronization between classic Outlook and Gmail/Yahoo services. The fix addresses connection and sync problems that affected business email communications.
rss:BleepingComputer
—
05:20 KSA
<strong>Zero trust: bridging the gap between authentication and trust</strong>
Multi-factor authentication alone is not enough, because attackers can hijack session tokens and bypass identity verification. A zero-trust architecture requires continuous verification of user identity and device integrity to prevent token-based attacks and session hijacking …
rss:The Hacker News
—
05:10 KSA
<strong>Tax search ads deliver ScreenConnect malware using a Huawei driver to disable protection systems</strong>
A large-scale malvertising campaign, active since January 2025, targets US users searching for tax documents and delivers malicious installers for ConnectWise ScreenCon…
rss:The Hacker News
—
05:10 KSA
<strong>TeamPCP plants backdoors in LiteLLM releases via CI/CD compromise of Trivy</strong>
TeamPCP compromised the popular LiteLLM package (versions 1.82.7-1.82.8) through attacks on the CI/CD pipelines of the Trivy and KICS tools. The malicious releases contain tools for stealing credentials and …
rss:SecurityWeek
—
05:09 KSA
<strong>Why agentic AI systems need better governance - lessons from OpenClaw</strong>
Agentic AI systems are evolving from passive tools into autonomous agents with direct system access, raising significant governance and security concerns. The OpenClaw case illustrates the need for stronger controls and oversight …
rss:SecurityWeek
—
05:09 KSA
<strong>US Department of Energy publishes five-year energy security plan</strong>
The US Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response launched Project Armor, a five-year initiative to strengthen the security of critical energy infrastructure. The plan focuses on hardening energy systems against threats …
rss:Malwarebytes Lab
—
05:09 KSA
<strong>Scam compounds hire 'AI models' to close deals in deepfake video calls</strong>
Scam operations are hiring women to take part in deepfake video calls, in which their faces are superimposed onto the victims to make the fraud schemes appear legitimate. This technique addresses the challenge of …
rss:Malwarebytes Lab
—
05:09 KSA
<strong>FBI and CISA warn of Russian hackers compromising Signal and WhatsApp accounts</strong>
The FBI and the Cybersecurity and Infrastructure Security Agency, together with European agencies, warned of a large-scale Russian social engineering campaign targeting accounts on applications …
rss:CISA Advisories
—
05:07 KSA
<strong>Grassroots DICOM (GDCM) library</strong>
A vulnerability (CVE-2026-3650) in the Grassroots DICOM library version 3.2.2 allows attackers to cause a denial-of-service condition via specially crafted files. This affects medical imaging systems that parse DICOM files for healthcare operations.
rss:CISA Advisories
—
05:07 KSA
<strong>Pharos Controls Mosaic Show Controller</strong>
A critical vulnerability (CVE-2026-2417) in firmware 2.15.3 of the Pharos Controls Mosaic Show Controller allows unauthenticated remote attackers to execute arbitrary commands with root privileges. This represents a risk of full system compromise in control systems for …
rss:CISA Advisories
—
05:07 KSA
<strong>Schneider Electric EcoStruxure Foxboro Distributed Control System</strong>
Schneider Electric disclosed a vulnerability in the EcoStruxure Foxboro DCS control software that affects workstations and servers. Core control services and runtime components are not affected, which limits the scope to management infrastructure.
rss:BleepingComputer
—
05:07 KSA
<strong>FCC bans new routers manufactured outside the United States on security grounds</strong>
The US Federal Communications Commission banned the sale of new consumer routers manufactured in foreign countries by adding them to the list of prohibited equipment. This action addresses the …
📰 Cybersecurity News
0 articles
No news has been aggregated today so far
This bulletin is updated automatically every day. Last updated: 24 Mar 2026