200
ثغرة
19
تهديد
0
خبر
10
حرجة
9
CISA KEV
🛡 الثغرات الأمنية (CVE)
ثغرة SSRF في WWBN AVideo تسمح لأي مستخدم بعيد غير مصرح به بإجبار خادم AVideo على إرسال طلبات HTTP إلى عناوين URL تعسفية عبر ملف plugin/Live/test.php. يمكن استخدام هذه الثغرة للوصول إلى الخدمات الداخلية والموارد المحمية وبيانات السحابة الحساسة.
تسمح ثغرة في Census CSWeb 8.0.1 بالوصول غير المصرح إلى ملفات التكوين الحساسة عبر نقطة نهاية HTTP غير محمية. يمكن للمهاجمين البعيدين بدون مصادقة الحصول على أسرار حساسة مثل مفاتيح API وكلمات مرور قواعد البيانات. تم إصلاح هذه المشكلة في الإصدار 8.1.0 ألفا.
CVE-2015-0071
Microsoft Internet Explorer ASLR Bypass Vulnerability — Microsoft Internet Explorer allows remote attackers to bypass th
11:01 KSA
Microsoft Internet Explorer ASLR Bypass Vulnerability — Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.
CVE-2015-0310
Adobe Flash Player ASLR Bypass Vulnerability — Adobe Flash Player does not properly restrict discovery of memory address
11:01 KSA
Adobe Flash Player ASLR Bypass Vulnerability — Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.
CVE-2015-0311
Adobe Flash Player Remote Code Execution Vulnerability — Unspecified vulnerability in Adobe Flash Player allows remote a
11:01 KSA
Adobe Flash Player Remote Code Execution Vulnerability — Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
ثغرة استخدام الذاكرة بعد تحريرها في Adobe Flash Player تسمح للمهاجمين البعيدين بتنفيذ أكواد برمجية عشوائية
ثغرة اجتياز المجلدات في خادم fmserver في Cisco Prime Data Center Network Manager (DCNM) تسمح للمهاجمين البعيدين بقراءة ملفات عشوائية على النظام
تطبيق XPC في إطار عمل Admin في نظام تشغيل Apple OS X قبل الإصدار 10.10.3 يحتوي على ثغرة أمنية تسمح للمستخدمين المحليين بتجاوز آليات المصادقة والحصول على امتيازات إدارية غير مصرح بها
تسمح أداة ping في أجهزة D-Link و TRENDnet المتعددة للمهاجمين البعيدين بتنفيذ أوامر بعيدة على الأجهزة المتأثرة
ثغرة حرجة في محرك Groovy للنصوص البرمجية في Elasticsearch تسمح للمهاجمين البعيدين بتجاوز آليات الحماية الرملية المطبقة وتنفيذ أوامر shell عشوائية على النظام المتأثر، مما يؤدي إلى اختراق كامل للخادم
CVE-2025-41660
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enab
11:22 KSA
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
CVE-2026-23480
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability.
11:22 KSA
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues: it is missing superAdminAuthMiddleware, any logged-in user can call it; the originalPassword is an optional parameter and…
CVE-2026-23514
Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerabili
11:08 KSA
Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch.
CVE-2026-33046
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers
11:22 KSA
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use spec…
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy
11:22 KSA
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-…
CVE-2026-3533
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_pop
11:22 KSA
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it …
CVE-2026-4314
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all ver
11:22 KSA
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequest()` method in the Menu Editor module using an insecure `strpos()` check agains…
CVE-2026-4529
A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the c
11:22 KSA
A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might …
CVE-2026-4534
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet.
11:22 KSA
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-4535
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file
11:22 KSA
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been discl…
CVE-2026-4551
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the fil
11:22 KSA
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow…
CVE-2026-4552
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform
11:22 KSA
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be perfor…
CVE-2026-4553
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit
11:22 KSA
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely…
CVE-2026-4555
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the f
11:22 KSA
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated …
CVE-2026-4558
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartCo
11:22 KSA
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be lau…
CVE-2026-4565
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetN
11:22 KSA
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and ma…
CVE-2026-4566
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/for
11:22 KSA
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been pub…
CVE-2026-4639
Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated rem
11:22 KSA
Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.
CVE-2026-5004
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin
15:22 KSA
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to lau…
CVE-2026-33348
OpenEMR is a free and open source electronic health records and medical practice management application. Users with the
11:08 KSA
OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history…
CVE-2026-33480
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeURL()` function in AV
11:22 KSA
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeURL()` function in AVideo can be bypassed using IPv4-mapped IPv6 addresses (`::ffff:x.x.x.x`). The unauthenticated `plugin/LiveLinks/proxy.php` endpoint uses this function to valida…
CVE-2026-33513
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`AP
11:22 KSA
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`APIName=locale`) concatenates user input into an `include` path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under th…
CVE-2016-20037
xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute a
03:24 KSA
xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk …
CVE-2016-20038
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary cod
03:24 KSA
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address …
CVE-2016-20039
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allo
09:57 KSA
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and …
CVE-2016-20040
TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attacke
09:57 KSA
TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack…
CVE-2016-20041
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute ar
09:57 KSA
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a ret…
CVE-2016-20042
TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by suppl
09:57 KSA
TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to o…
CVE-2016-20043
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary
09:57 KSA
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value …
CVE-2016-20044
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by
09:57 KSA
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to over…
CVE-2016-20045
HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary
09:57 KSA
HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode…
CVE-2016-20046
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connection
09:57 KSA
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allo…
CVE-2016-20047
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local at
09:57 KSA
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buf…
CVE-2016-20048
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code
09:57 KSA
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to over…
CVE-2017-20226
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code
15:22 KSA
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the …
CVE-2017-20228
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbit
15:22 KSA
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointe…
CVE-2018-25222
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by s
15:22 KSA
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer a…
CVE-2018-25224
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arb
15:22 KSA
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffe…
CVE-2018-25225
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arb
15:22 KSA
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer,…
CVE-2019-25603
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers t
11:22 KSA
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH ha…
CVE-2019-25604
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local a
11:22 KSA
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds t…
CVE-2019-25607
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers t
11:22 KSA
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer a…
CVE-2019-25608
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary
11:22 KSA
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after back…
CVE-2019-25609
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration fiel
11:22 KSA
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory…
CVE-2019-25611
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to e
11:22 KSA
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack bu…
CVE-2019-25615
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local att
11:22 KSA
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data…
CVE-2019-25619
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local atta
11:22 KSA
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dial…
CVE-2019-25626
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows lo
11:22 KSA
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed…
CVE-2019-25627
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to exec
11:22 KSA
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and S…
CVE-2019-25629
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functional
11:22 KSA
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monito…
CVE-2019-25631
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attac
11:22 KSA
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name fie…
CVE-2019-25633
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attack
11:22 KSA
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads int…
CVE-2019-25634
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitra
11:22 KSA
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH cha…
CVE-2019-25637
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code
11:22 KSA
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and exe…
CVE-2026-32845
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating
11:22 KSA
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers …
CVE-2018-25210
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows u
11:08 KSA
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-ba…
CVE-2019-25575
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary
11:22 KSA
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive data…
CVE-2019-25576
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arb
11:22 KSA
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION …
CVE-2019-25578
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL quer
11:22 KSA
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews paramet…
CVE-2019-25580
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL querie
11:22 KSA
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQ…
CVE-2019-25581
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL
11:22 KSA
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to e…
CVE-2019-25635
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate
11:22 KSA
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive dat…
CVE-2019-25636
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database
11:22 KSA
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php…
CVE-2019-25639
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to
11:22 KSA
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, r…
CVE-2019-25640
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate databas
11:22 KSA
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive dat…
CVE-2019-25641
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate data
11:22 KSA
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_passw…
CVE-2019-25642
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary
11:22 KSA
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subjec…
CVE-2026-33649
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Permissions/setPermissio
11:22 KSA
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Permissions/setPermission.json.php` endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and …
CVE-2026-33651
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `remindMe.json.php` endpoint pas
11:22 KSA
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `remindMe.json.php` endpoint passes `$_REQUEST['live_schedule_id']` through multiple functions without sanitization until it reaches `Scheduler_commands::getAllActiveOrToRepeat()`, which direc…
CVE-2026-34055
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio
11:08 KSA
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` without verifying that the note belon…
CVE-2026-3629
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up
11:22 KSA
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' function not properly restricting which user meta keys can be updated via profile…
CVE-2026-4021
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in
11:22 KSA
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in `users-registry-check-after-email-or-pin-confirmation.php` using the…
CVE-2019-25612
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local a
11:22 KSA
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the Sy…
CVE-2026-2995
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.1
11:08 KSA
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
CVE-2026-33913
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio
11:08 KSA
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd"…
CVE-2026-34056
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access
11:08 KSA
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper autho…
CVE-2026-24750
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attac
11:08 KSA
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later…
CVE-2026-33932
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio
11:08 KSA
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitra…
CVE-2019-25552
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submi
11:22 KSA
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload proc…
CVE-2019-25560
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by pro
11:22 KSA
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song …
CVE-2019-25579
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbit
11:22 KSA
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../..…
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials
11:22 KSA
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password func…
CVE-2019-25613
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by
11:22 KSA
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an …
CVE-2026-23482
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform perm
11:22 KSA
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When schedu…
CVE-2026-2580
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnera
11:22 KSA
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parame…
CVE-2026-32969
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s a
11:22 KSA
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-33174
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, a
11:22 KSA
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sendi…
CVE-2026-33176
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to v
11:22 KSA
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which `BigDecimal` expands …
CVE-2026-33241
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method
11:22 KSA
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) condit…
CVE-2026-3509
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of th
11:22 KSA
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
CVE-2026-4306
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to,
11:22 KSA
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it pos…
CVE-2026-4640
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated re
11:22 KSA
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.
CVE-2026-4645
A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by subm
11:22 KSA
A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utili…
CVE-2026-4662
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all version
11:22 KSA
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled i…
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amo
03:24 KSA
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the …
CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1
11:08 KSA
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv (the command-line), then those credentials are visible to any us…
CVE-2026-33488
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the L
11:22 KSA
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public k…
CVE-2025-10679
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for
11:22 KSA
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenRevi…
CVE-2026-1679
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; ove
03:24 KSA
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can r…
CVE-2026-4528
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of th
11:22 KSA
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Re…
CVE-2026-4536
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown proces
11:22 KSA
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The ve…
CVE-2026-4562
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/c
11:22 KSA
A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The ex…
CVE-2026-4579
A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file
11:22 KSA
A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is pos…
CVE-2026-4580
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the
11:22 KSA
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed…
CVE-2026-4581
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /
11:22 KSA
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out re…
CVE-2026-4594
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy
11:22 KSA
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hiberna…
CVE-2026-4612
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the fi
11:22 KSA
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection. Remot…
CVE-2026-4613
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /pr
11:22 KSA
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be…
CVE-2026-4615
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the
11:22 KSA
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available an…
CVE-2026-4617
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element
11:22 KSA
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper …
CVE-2026-4623
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c
11:22 KSA
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument ur…
CVE-2026-4624
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown
11:22 KSA
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack ca…
CVE-2026-4625
A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /progr
11:22 KSA
A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and m…
CVE-2026-4632
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of
11:22 KSA
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack ma…
CVE-2026-4996
A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_questi
15:22 KSA
A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id of the file extensions/ee/vectorstores…
CVE-2026-4998
A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor
15:22 KSA
A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/code_execution/code_executor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. T…
CVE-2026-5000
A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the f
15:22 KSA
A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing …
CVE-2026-5001
A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is
15:22 KSA
A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit…
CVE-2026-5002
A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted el
15:22 KSA
A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack…
CVE-2026-5016
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the
21:26 KSA
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is …
CVE-2025-12886
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,
03:24 KSA
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro…
CVE-2026-23882
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creati
11:22 KSA
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.
CVE-2026-4611
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the fu
11:22 KSA
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched re…
CVE-2026-4627
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_tim
11:22 KSA
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This v…
CVE-2019-25573
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queri
11:22 KSA
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL …
CVE-2019-25638
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute
11:22 KSA
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL pay…
CVE-2025-36258
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive informat
11:08 KSA
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
CVE-2026-33217
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1
11:08 KSA
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the `$MQTT.>` namespace, allowing MQTT clients to bypass ACL checks for MQTT s…
CVE-2026-33493
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/import.json.php` endpoi
11:22 KSA
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/import.json.php` endpoint accepts a user-controlled `fileURI` POST parameter with only a regex check that the value ends in `.mp4`. Unlike `objects/listFiles.json.php`, which was hard…
CVE-2026-4545
A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PR
11:22 KSA
A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high c…
CVE-2026-4546
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextSha
11:22 KSA
A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of comple…
CVE-2025-14917
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could prov
11:08 KSA
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
CVE-2025-15616
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search pa
02:36 KSA
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, a…
CVE-2025-14790
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due
11:08 KSA
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.
CVE-2025-14807
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper v
11:08 KSA
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, c…
CVE-2025-14915
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affecte
11:08 KSA
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.
CVE-2025-15617
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to ex
02:36 KSA
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing…
CVE-2026-1014
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON
11:08 KSA
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.
CVE-2026-1307
The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Informati
02:36 KSA
The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This make…
CVE-2026-20083
A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated,
11:08 KSA
A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of a ma…
CVE-2026-20110
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of se
11:08 KSA
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability exists because incorrect privileges are associated with the start maintenance command. An att…
CVE-2026-23635
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of
11:08 KSA
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later …
CVE-2026-27496
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user
11:08 KSA
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain …
CVE-2026-27663
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base
11:08 KSA
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaust…
CVE-2026-3098
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1
02:36 KSA
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbi…
CVE-2026-3119
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affec
11:08 KSA
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.
This issue affect…
CVE-2026-3121
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi
11:08 KSA
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administra…
CVE-2026-32120
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio
11:08 KSA
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.php`) allows any authenticated …
CVE-2026-33223
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.1
11:08 KSA
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from i…
CVE-2026-33246
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a
11:08 KSA
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is supposed to provide enough information to allow for account/user identifica…
CVE-2026-4075
The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' s
11:08 KSA
The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes suc…
CVE-2026-4278
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortco
11:08 KSA
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specific…
CVE-2026-4389
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
11:08 KSA
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `leafext-cookie-time` and `leafext-delete-cookie` shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization an…
CVE-2025-14810
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been mod
11:08 KSA
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient…
CVE-2026-4825
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /up
11:08 KSA
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. …
CVE-2026-4836
A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the
11:08 KSA
A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id results in sql injection. It is possible to initiate the attack remotely. The expl…
CVE-2026-4876
A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown fun
11:08 KSA
A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation of the argument ID leads to sql injection. The attack may be performed from rem…
CVE-2026-4907
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted
02:36 KSA
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery…
CVE-2026-4970
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the
02:36 KSA
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploi…
CVE-2026-4999
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue af
02:36 KSA
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversa…
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the fil
02:36 KSA
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possi…
CVE-2018-25214
MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplyin
11:08 KSA
MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into t…
CVE-2018-25216
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by suppl
11:08 KSA
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy dis…
CVE-2019-25648
MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application
11:08 KSA
MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and …
CVE-2025-12708
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user.
11:08 KSA
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user.
CVE-2025-64646
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not
11:08 KSA
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
CVE-2025-40842
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a
Cross-Site Scripting (XSS) vulnerability which, if exp
11:08 KSA
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a
Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to
unauthorized disclosure and modification of certain information.
CVE-2025-41026
Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaS
11:08 KSA
Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_login.php'.
CVE-2025-41027
Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaS
11:08 KSA
Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'app_recuperarclave.php'.
CVE-2026-1986
The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflect
11:08 KSA
The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on …
CVE-2026-20104
A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS93
11:08 KSA
A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenti…
CVE-2026-20115
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confide
11:08 KSA
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information.
This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this …
CVE-2026-28297
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when
11:08 KSA
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
CVE-2026-4887
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A re
11:08 KSA
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosu…
CVE-2025-55266
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carr
11:08 KSA
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user.
CVE-2025-64648
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive informatio
11:08 KSA
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2026-28298
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when
11:08 KSA
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
CVE-2025-15615
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i
02:36 KSA
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers ca…
CVE-2026-32983
خدمة authd في مدير Wazuh الموجودة في حزم wazuh-manager حتى الإصدار 4.7.3 تحتوي على ثغرة قيد غير كافٍ لإعادة التفاوض على
02:36 KSA
خدمة authd في مدير Wazuh الموجودة في حزم wazuh-manager حتى الإصدار 4.7.3 تحتوي على ثغرة قيد غير كافٍ لإعادة التفاوض على SSL/TLS التي يبدؤها العميل، مما يسمح للمهاجمين البعيدين بإحداث حالة عدم توفر الخدمة من خلال إرسال طلبات إعادة تفاوض مفرطة. يمكن للمهاجمين استغلال غياب حدود إعاد…
CVE-2026-27656
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate
11:08 KSA
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID {{IsSameUser()}} comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring …
CVE-2026-4830
A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/
11:08 KSA
A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipulation leads to unrestricted upload. The attack can be executed remotely. This at…
CVE-2018-25215
Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cau
11:08 KSA
Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 50…
CVE-2019-25649
River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allow
11:08 KSA
River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail a…
CVE-2026-4897
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to th
11:08 KSA
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of …
CVE-2026-4948
A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D
02:36 KSA
A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper a…
CVE-2025-14912
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma
11:08 KSA
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2026-1015
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This ma
11:08 KSA
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2026-1561
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnera
11:08 KSA
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumerat…
CVE-2026-20108
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, rem
11:08 KSA
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
This vulnerability is due to insufficient …
CVE-2026-20114
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated,
11:08 KSA
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users.
This vulnerability e…
⚠️ استخبارات التهديدات
19 تهديد
rss:The Hacker News
—
06:02 KSA
<strong>آبل ترسل تنبيهات على شاشة القفل لأجهزة iPhone القديمة بشأن استغلالات نشطة عبر الويب</strong>
ترسل شركة آبل إشعارات على شاشة القفل للمستخدمين الذين لديهم إصدارات قديمة من iOS وiPadOS تحذرهم من هجمات نشطة عبر الويب. يهدف هذا الإجراء الاستباقي إلى حماية المستخدمين من حملات …
rss:The Hacker News
—
06:02 KSA
<strong>وكالة CISA تضيف CVE-2025-53521 إلى قائمة الثغرات المستغلة بعد استغلال نشط لـ F5 BIG-IP APM</strong>
أضافت وكالة CISA ثغرة حرجة CVE-2025-53521 التي تؤثر على F5 BIG-IP Access Policy Manager إلى قائمة الثغرات المستغلة المعروفة بسبب الاستغلال النشط. يجب على المؤسسات التي تست…
rss:The Hacker News
—
06:02 KSA
<strong>TA446 تنشر مجموعة استغلال DarkSword لأجهزة iOS في حملة تصيد احترافية مستهدفة</strong>
تقوم مجموعة التهديد الروسية TA446 المدعومة من الدولة بحملات تصيد احترافية مستهدفة باستخدام مجموعة استغلال DarkSword لاختراق أجهزة iOS. يمثل هذا تهديداً متطوراً للأجهزة المحمولة يستهدف ا…
rss:SecurityWeek
—
06:02 KSA
<strong>أوبن إيه آي تطلق برنامج مكافآت الثغرات للمخاطر المتعلقة بالإساءة والسلامة</strong>
أطلقت أوبن إيه آي برنامج مكافآت للثغرات يركز على مخاطر الإساءة والسلامة في أنظمة الذكاء الاصطناعي الخاصة بها. يكافئ البرنامج الباحثين الذين يحددون عيوب التصميم أو التنفيذ التي قد تؤدي إلى …
rss:SecurityWeek
—
06:02 KSA
<strong>أخبار أخرى: عملية احتيال على موظفي التوظيف في بالو ألتو، شريحة مكافحة التزييف العميق، جوجل تحدد موعد 2029 للحوسبة الكمومية</strong>
تم الإبلاغ عن حوادث أمن سيبراني متعددة بما في ذلك عملية احتيال على موظفي التوظيف في بالو ألتو، واختراق بيانات بنك هيريتاج، واضطرابات في خدم…
rss:SecurityWeek
—
06:02 KSA
<strong>مجموعة قرصنة موالية لإيران تعلن مسؤوليتها عن اختراق الحساب الشخصي لمدير مكتب التحقيقات الفيدرالي كاش باتيل</strong>
أعلنت مجموعة قرصنة موالية لإيران مسؤوليتها عن اختراق الحساب الشخصي لمدير مكتب التحقيقات الفيدرالي كاش باتيل، وأتاحت رسائل البريد الإلكتروني والوثائق للتنزي…
rss:Recorded Future
—
06:01 KSA
<strong>ما الذي ينتظر استخبارات التهديدات المؤسسية في عام 2026</strong>
ستركز استخبارات التهديدات المؤسسية في عام 2026 على قدرات الاستخبارات المعززة بالذكاء الاصطناعي والمنصات الموحدة للتهديدات والتكامل الأعمق مع سير العمل. تعطي المؤسسات الأولوية لدمج البيانات وإثبات العائد على …
rss:Recorded Future
—
06:01 KSA
<strong>خط أنابيب الثغرات الأمنية الصينية: من الاكتشاف إلى النشر</strong>
تعمل الصين على مركزية السيطرة على ثغرات يوم الصفر لتعزيز القدرات السيبرانية الاستراتيجية. توفر سيطرة الدولة على اكتشاف واستغلال الثغرات الأمنية مزايا طويلة الأمد في العمليات السيبرانية وجمع المعلومات الاست…
rss:Recorded Future
—
06:01 KSA
<strong>معاملة بقيمة 0 دولار كشفت عن هجوم سيبراني لدولة قومية</strong>
كشفت معاملة بطاقة بقيمة صفر دولار عن هجوم سيبراني صيني مدعوم من الدولة يستهدف منصة الذكاء الاصطناعي لشركة Anthropic. يمكن لأنماط الاحتيال في اختبار البطاقات أن تكون مؤشرات إنذار مبكر لعمليات الدول القومية، مم…
rss:Malwarebytes Lab
—
06:01 KSA
<strong>Infiniti Stealer: برنامج سرقة معلومات جديد لنظام macOS يستخدم ClickFix وPython/Nuitka</strong>
برنامج سرقة معلومات جديد لنظام macOS يسمى Infiniti Stealer (المعروف سابقاً بـ NukeChain) يستخدم صفحات CAPTCHA مزيفة لخداع المستخدمين لتنفيذ أوامر خبيثة. تم بناء البرنامج باستخد…
rss:Malwarebytes Lab
—
06:01 KSA
<strong>موقع أفاست مزيف يحاكي فحص الفيروسات ويثبت برنامج Venom Stealer بدلاً منه</strong>
يقوم موقع احتيالي ينتحل صفة برنامج أفاست لمكافحة الفيروسات بإجراء فحوصات مزيفة ويخدع المستخدمين لتثبيت برنامج Venom Stealer الخبيث. يستهدف البرنامج كلمات المرور وبيانات جلسات المتصفح ومحافظ…
rss:Malwarebytes Lab
—
06:01 KSA
<strong>المجرمون يستأجرون هواتف افتراضية لتجاوز أمان البنوك</strong>
يستغل مجرمو الإنترنت خدمات الهواتف الافتراضية لتجاوز أنظمة كشف الاحتيال المصرفي. تبدو هذه الأجهزة الافتراضية شرعية بما يكفي لخداع التدابير الأمنية للبنوك، مما يتيح الوصول غير المصرح به إلى الحسابات المالية.
rss:Dark Reading
—
06:01 KSA
<strong>انخفاض الهجمات على البنية التحتية ذات العواقب المادية بنسبة 25%</strong>
انخفضت الهجمات على أنظمة التقنية التشغيلية في المواقع الصناعية والبنية التحتية الحيوية بنسبة 25%، ويُعزى ذلك إلى تراجع نشاط برامج الفدية ومعرفة المهاجمين المحدودة بأنظمة التقنية التشغيلية. ومع ذلك، …
rss:Dark Reading
—
06:01 KSA
<strong>الاستخدام الحربي لكاميرات المراقبة المخترقة يبرز خطورتها</strong>
تستغل عدة دول الكاميرات المتصلة بالإنترنت المخترقة لعمليات التجسس داخل أراضي الخصوم. يجب على المؤسسات تطبيق إجراءات أمنية أقوى ومراقبة أجهزة المراقبة المتصلة بإنترنت الأشياء لمنع الوصول غير المصرح به.
rss:Dark Reading
—
06:01 KSA
<strong>الصين تطور الباب الخلفي المستخدم للتجسس على شركات الاتصالات عالمياً</strong>
طورت مجموعة التهديدات الصينية Red Menshen برمجية BPFdoor الخبيثة لتجاوز وسائل الحماية السيبرانية التقليدية، مستهدفة شركات الاتصالات عالمياً. يشكل هذا الباب الخلفي المتطور تحديات كبيرة في الكشف، …
rss:CISA Advisories
—
06:01 KSA
<strong>بوابة المراسلة وUSSD من OpenCode Systems</strong>
تسمح ثغرة في بوابة المراسلة وUSSD من OpenCode Systems للمستخدمين المصادق عليهم ذوي الصلاحيات المنخفضة بالوصول إلى رسائل SMS خارج نطاق المستأجر المصرح لهم من خلال معاملات مصممة. يمثل هذا تجاوزاً للتفويض قد يؤدي إلى وصول غي…
rss:BleepingComputer
—
06:00 KSA
<strong>حزمة Telnyx على PyPI مخترقة تنشر برمجيات خبيثة مخفية في ملف صوتي WAV</strong>
اخترق قراصنة TeamPCP حزمة Telnyx على مستودع Python Package Index (PyPI)، ونشروا إصدارات خبيثة تحتوي على برمجيات لسرقة بيانات الاعتماد مخفية داخل ملفات صوتية بصيغة WAV. يستهدف هذا الهجوم على سلس…
rss:BleepingComputer
—
06:00 KSA
<strong>إدارة الحوكمة والمخاطر والامتثال الذكية: الفرق تحصل على التقنية، لكن التحول الفكري هو المفقود</strong>
تعمل أنظمة إدارة الحوكمة والمخاطر والامتثال الذكية على أتمتة سير العمل، لكنها تتطلب تحولاً في العقلية المؤسسية من التنفيذ التشغيلي إلى القيادة الاستراتيجية للمخاطر. ينا…
rss:BleepingComputer
—
06:00 KSA
<strong>تنبيهات مزيفة لـ VS Code على GitHub تنشر برمجيات خبيثة للمطورين</strong>
تستهدف حملة واسعة النطاق المطورين على GitHub من خلال تنبيهات أمنية مزيفة لـ Visual Studio Code منشورة في أقسام النقاش للمشاريع. ينتحل المهاجمون صفة التحذيرات الأمنية الشرعية لخداع المطورين لتنزيل وت…
📰 أخبار الأمن السيبراني
0 مقال
لا توجد أخبار مجمّعة اليوم حتى الآن
يتم تحديث هذه النشرة تلقائياً يومياً — آخر تحديث: 28 Mar 2026
أرشيف الثغرات ·
التهديدات ·
الأخبار