📅 Daily Security Bulletin: 02 Apr 2026

🇸🇦 Saudi Security Bulletin

All vulnerabilities, threats and news aggregated today from trusted sources, updated continuously

200 vulnerabilities
21 threats
0 news items
12 critical
8 CISA KEV
🛡 Security Vulnerabilities (CVE)
200 vulnerabilities
CVE-2026-33669
Unauthorized document access in SiYuan via API enumeration
03:24 KSA
Critical CVSS 9.8 CWE-125
SiYuan versions prior to 3.6.2 contain an access control vulnerability where attackers can retrieve document IDs via the /api/file/readDir endpoint and then use the /api/block/getChildBlocks endpoint to access the content of all documents. The vulnerability allows unauthorized access to sensitive information stored in…
CVE-2026-33670
Directory traversal vulnerability in the SiYuan file API
03:24 KSA
Critical CVSS 9.8 CWE-22
The SiYuan personal knowledge management platform suffers from a critical path traversal vulnerability in the /api/file/readDir API endpoint prior to version 3.6.2. This vulnerability allows attackers unauthorized access to the file and folder structures inside notebooks. It can be used to extract sensitive information about the organization of documen…
CVE-2026-3502
Code integrity verification bypass in the TrueConf client update mechanism
01:52 KSA
Critical CVSS 9.8 ⚠ CISA KEV
The TrueConf client contains a vulnerability in its update integrity verification mechanism that allows attackers to interfere with the update delivery path and replace genuine payloads with modified copies. When the modified payload is executed or installed by the updater, this may lead to arbitrary code execution in the context of the update process or the account…
CVE-2026-33757
OpenBao JWT/OIDC authentication vulnerability in direct callback mode allows phishing
03:24 KSA
Critical CVSS 9.6 CWE-384
OpenBao contains a critical security vulnerability in its JWT/OIDC authentication mechanism: it does not require user confirmation when the direct callback mode is used. An attacker can craft a phishing link that automatically logs the victim into the attacker's session. The attacker can poll for the authentication tokens until they are issued without…
CVE-2026-33152
Brute-force attack on Tandoor Recipes via API endpoints without rate limiting
03:24 KSA
Critical CVSS 9.1 CWE-307
The Tandoor Recipes application contains an authentication vulnerability: Django REST Framework is configured with BasicAuthentication as a default option without rate limiting applied to the endpoints. Attackers can target any API endpoint with an unlimited number of requests using Authorization: Basic headers to guess passwords. Ver…
CVE-2015-2546
Memory corruption vulnerability in Microsoft Win32k
11:01 KSA
Critical CVSS 9.0 ⚠ CISA KEV
The kernel-mode driver in the Microsoft Windows operating system and Windows Server allows local users to elevate privileges via a specially crafted application.
CVE-2015-2590
11:01 KSA
Critical CVSS 9.0 ⚠ CISA KEV
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability — An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.
CVE-2015-3035
Directory traversal vulnerability in multiple TP-Link Archer devices
11:01 KSA
Critical CVSS 9.0 ⚠ CISA KEV
A directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files from the system by sending a request containing consecutive dots (..) in the PATH_INFO parameter directed at the login page (login/). This enables the attacker to access sensitive files outside the intended directory.
CVE-2015-3043
Memory corruption vulnerability in Adobe Flash Player
11:01 KSA
Critical CVSS 9.0 ⚠ CISA KEV
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to execute code remotely on the affected system.
CVE-2015-3113
Heap buffer overflow vulnerability in Adobe Flash Player
11:01 KSA
Critical CVSS 9.0 ⚠ CISA KEV
A heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code.
CVE-2015-4068
Directory traversal vulnerability in Arcserve Unified Data Protection (UDP)
11:01 KSA
Critical CVSS 9.0 ⚠ CISA KEV
A directory traversal vulnerability in Arcserve Unified Data Protection (UDP) allows remote attackers to access sensitive information or cause a denial of service (DoS). Attackers can exploit this vulnerability to navigate the directory structure and reach unauthorized files and resources.
CVE-2015-4495
Security feature bypass vulnerability in Mozilla Firefox
11:01 KSA
Critical CVSS 9.0 ⚠ CISA KEV
A security feature bypass vulnerability in Mozilla Firefox allows remote attackers to bypass the Same Origin Policy, enabling them to read arbitrary files or gain additional privileges.
CVE-2025-15101
03:24 KSA
High CVSS 8.8 CWE-78
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, includi…
CVE-2026-25099
03:24 KSA
High CVSS 8.8 CWE-434
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4.
CVE-2026-26060
03:24 KSA
High CVSS 8.8 CWE-613
Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale password reset token could be reuse…
CVE-2026-29180
03:24 KSA
High CVSS 8.8 CWE-862
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker g…
CVE-2026-2931
03:24 KSA
High CVSS 8.8 CWE-269
The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes i…
CVE-2026-33413
03:24 KSA
High CVSS 8.8 CWE-862
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or parti…
CVE-2026-33622
03:24 KSA
High CVSS 8.8 CWE-94
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execution through `POST /wait` and `POST /tabs/{id}/wait` when the request uses `fn` mode, even if `security.allowEvaluate…
CVE-2026-33735
03:24 KSA
High CVSS 8.8 CWE-285
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entire…
CVE-2026-33767
03:24 KSA
High CVSS 8.8 CWE-89
WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like.php`, the `getLike()` method constructs a SQL query using a prepared statement placeholder (`?`) for `users_id` but directly concatenates `$this->videos_id` into the query string …
CVE-2026-34121
03:23 KSA
High CVSS 8.8 CWE-287
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an…
CVE-2026-34791
08:48 KSA
High CVSS 8.8 CWE-78
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection du…
CVE-2026-34792
08:48 KSA
High CVSS 8.8 CWE-78
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection d…
CVE-2026-34793
08:48 KSA
High CVSS 8.8 CWE-78
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection…
CVE-2026-34794
08:48 KSA
High CVSS 8.8 CWE-78
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due …
CVE-2026-34795
10:32 KSA
High CVSS 8.8 CWE-78
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due …
CVE-2026-34796
15:00 KSA
High CVSS 8.8 CWE-78
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection …
CVE-2026-34797
15:00 KSA
High CVSS 8.8 CWE-78
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due…
CVE-2026-3692
04:00 KSA
High CVSS 8.8 CWE-78
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.
CVE-2026-4840
03:24 KSA
High CVSS 8.8 CWE-77
A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Rem…
CVE-2026-4861
03:24 KSA
High CVSS 8.8 CWE-119
A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been…
CVE-2026-4862
03:24 KSA
High CVSS 8.8 CWE-119
A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow.…
CVE-2026-4902
03:24 KSA
High CVSS 8.8 CWE-119
A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely.…
CVE-2026-4903
03:24 KSA
High CVSS 8.8 CWE-119
A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initi…
CVE-2026-4904
03:24 KSA
High CVSS 8.8 CWE-119
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remot…
CVE-2026-4905
03:24 KSA
High CVSS 8.8 CWE-119
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the att…
CVE-2026-4906
03:24 KSA
High CVSS 8.8 CWE-119
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack c…
CVE-2026-4974
03:24 KSA
High CVSS 8.8 CWE-119
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to …
CVE-2026-4975
03:24 KSA
High CVSS 8.8 CWE-119
A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. …
CVE-2026-5004
15:22 KSA
High CVSS 8.8 CWE-119
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to lau…
CVE-2026-5350
16:48 KSA
High CVSS 8.8 CWE-119
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has bee…
CVE-2026-5349
16:48 KSA
High CVSS 8.8 CWE-119
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly ava…
CVE-2026-34728
21:54 KSA
High CVSS 8.7 CWE-22
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory…
CVE-2026-32857
03:24 KSA
High CVSS 8.6 CWE-918
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attacker…
CVE-2026-33661
03:24 KSA
High CVSS 8.6 CWE-290
Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the `verify_wechat_sign()` function in `src/Functions.php` unconditionally skips all signature verification when the PSR-7 request reports `localhost` as the host. A…
CVE-2016-20037
03:24 KSA
High CVSS 8.4 CWE-787
xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk …
CVE-2016-20038
03:24 KSA
High CVSS 8.4 CWE-787
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address …
CVE-2016-20039
09:57 KSA
High CVSS 8.4 CWE-787
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and …
CVE-2016-20040
09:57 KSA
High CVSS 8.4 CWE-22
TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack…
CVE-2016-20041
09:57 KSA
High CVSS 8.4 CWE-22
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a ret…
CVE-2016-20042
09:57 KSA
High CVSS 8.4 CWE-787
TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to o…
CVE-2016-20043
09:57 KSA
High CVSS 8.4 CWE-787
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value …
CVE-2016-20044
09:57 KSA
High CVSS 8.4 CWE-787
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to over…
CVE-2016-20045
09:57 KSA
High CVSS 8.4 CWE-787
HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode…
CVE-2016-20046
09:57 KSA
High CVSS 8.4 CWE-787
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allo…
CVE-2016-20047
09:57 KSA
High CVSS 8.4 CWE-787
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buf…
CVE-2016-20048
09:57 KSA
High CVSS 8.4 CWE-22
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to over…
CVE-2017-20226
15:22 KSA
High CVSS 8.4 CWE-787
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the …
CVE-2017-20228
15:22 KSA
High CVSS 8.4 CWE-787
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointe…
CVE-2018-25212
03:24 KSA
High CVSS 8.4 CWE-787
Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to o…
CVE-2018-25213
03:24 KSA
High CVSS 8.4 CWE-787
Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through…
CVE-2018-25217
03:24 KSA
High CVSS 8.4 CWE-787
PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains th…
CVE-2018-25218
03:24 KSA
High CVSS 8.4 CWE-787
PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, …
CVE-2018-25219
03:24 KSA
High CVSS 8.4 CWE-787
PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a…
CVE-2018-25222
15:22 KSA
High CVSS 8.4 CWE-787
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer a…
CVE-2018-25224
15:22 KSA
High CVSS 8.4 CWE-306
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffe…
CVE-2018-25225
15:22 KSA
High CVSS 8.4 CWE-306
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer,…
CVE-2019-25650
03:24 KSA
High CVSS 8.4 CWE-787
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump…
CVE-2026-22593
03:24 KSA
High CVSS 8.4 CWE-193
EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MAX_FILE_NAME_LENGTH` (100). A crafted filename in the certificate directory can o…
CVE-2026-23995
03:24 KSA
High CVSS 8.4 CWE-121
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling pote…
CVE-2019-25651
03:24 KSA
High CVSS 8.3 CWE-327
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cry…
CVE-2025-55262
03:24 KSA
High CVSS 8.3 CWE-798
HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database.
CVE-2018-25202
03:24 KSA
High CVSS 8.2 CWE-89
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL…
CVE-2018-25203
03:24 KSA
High CVSS 8.2 CWE-89
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using b…
CVE-2018-25205
03:24 KSA
High CVSS 8.2 CWE-89
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to e…
CVE-2018-25206
03:24 KSA
High CVSS 8.2 CWE-89
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based bl…
CVE-2018-25208
03:24 KSA
High CVSS 8.2 CWE-89
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter_by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter_by[CommentCreated…
CVE-2018-25209
03:24 KSA
High CVSS 8.2 CWE-89
OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username …
CVE-2026-33941
03:24 KSA
High CVSS 8.2 CWE-79
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly i…
CVE-2025-12805
03:24 KSA
High CVSS 8.1 CWE-653
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As…
CVE-2025-41368
03:24 KSA
High CVSS 8.1 CWE-22
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on…
CVE-2026-34742
03:23 KSA
High CVSS 8.1 CWE-1188
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTT…
CVE-2026-4347
19:32 KSA
High CVSS 8.1 CWE-22
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for un…
CVE-2026-3108
03:24 KSA
High CVSS 8.0 CWE-150
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and …
CVE-2026-4248
03:24 KSA
High CVSS 8.0 CWE-285
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which gen…
CVE-2018-25211
03:24 KSA
High CVSS 7.8 CWE-787
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste…
CVE-2025-41359
03:24 KSA
High CVSS 7.8 CWE-428
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name i…
CVE-2026-27309
03:24 KSA
High CVSS 7.8 CWE-416
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-33711
03:24 KSA
High CVSS 7.8 CWE-61
Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.…
CVE-2026-34576
04:00 KSA
High CVSS 7.7 CWE-918
Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using axios.get() with no SSRF protections. The only validation is a file extension check (.png, .jpg, etc.) …
CVE-2026-34426
03:23 KSA
High CVSS 7.6 CWE-184
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval s…
CVE-2019-25652
03:24 KSA
High CVSS 7.5 CWE-295
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attacke…
CVE-2023-7338
03:24 KSA
High CVSS 7.5 CWE-78
Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially cra…
CVE-2026-2511
03:24 KSA
High CVSS 7.5 CWE-89
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being pa…
CVE-2026-26008
03:24 KSA
High CVSS 7.5 CWE-125
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a pa…
CVE-2026-26061
03:24 KSA
High CVSS 7.5 CWE-770
Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, c…
CVE-2026-27664
03:24 KSA
High CVSS 7.5 CWE-787
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allo…
CVE-2026-27828
03:24 KSA
High CVSS 7.5 CWE-416
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker wit…
CVE-2026-32748
03:24 KSA
High CVSS 7.5 CWE-413
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable …
CVE-2026-32846
03:24 KSA
High CVSS 7.5 CWE-22
OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete valid…
CVE-2026-33182
03:24 KSA
High CVSS 7.5 CWE-522
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and…
CVE-2026-33526
03:24 KSA
High CVSS 7.5 CWE-416
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid servic…
CVE-2026-33614
21:21 KSA
High CVSS 7.5 CWE-89
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-33616
21:21 KSA
High CVSS 7.5 CWE-89
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-33699
03:24 KSA
High CVSS 7.5 CWE-835
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade…
CVE-2026-33867
03:24 KSA
High CVSS 7.5 CWE-312
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains …
CVE-2026-33871
03:24 KSA
High CVSS 7.5 CWE-770
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of `CONTINUATION` frames. The server's lack of a limit o…
CVE-2026-33935
03:24 KSA
High CVSS 7.5 CWE-307
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three pass…
CVE-2026-33951
21:16 KSA
High CVSS 7.5 CWE-284
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /s…
CVE-2026-34752
03:23 KSA
High CVSS 7.5 CWE-248
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.
CVE-2026-3622
03:24 KSA
High CVSS 7.5 CWE-125
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condi…
CVE-2026-4987
03:24 KSA
High CVSS 7.5 CWE-20
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the …
CVE-2026-5032
19:32 KSA
High CVSS 7.5 CWE-200
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which…
CVE-2026-33745
03:24 KSA
High CVSS 7.4 CWE-200
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A …
CVE-2025-55263
03:24 KSA
High CVSS 7.3 CWE-798
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets.
CVE-2026-1679
03:24 KSA
High CVSS 7.3 CWE-120
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code that can call the socket send API; no remote attacker can r…
CVE-2026-4839
03:24 KSA
High CVSS 7.3 CWE-74
A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The expl…
CVE-2026-4841
03:24 KSA
High CVSS 7.3 CWE-74
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remote…
CVE-2026-4850
03:24 KSA
High CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launc…
CVE-2026-4860
03:24 KSA
High CVSS 7.3 CWE-20
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in de…
CVE-2026-4908
03:24 KSA
High CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from re…
CVE-2026-4955
03:24 KSA
High CVSS 7.3 CWE-74
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made …
CVE-2026-4956
03:24 KSA
High CVSS 7.3 CWE-74
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The att…
CVE-2026-4959
03:24 KSA
High CVSS 7.3 CWE-287
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interaction_id results in missing authentica…
CVE-2026-4996
15:22 KSA
High CVSS 7.3 CWE-74
A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id of the file extensions/ee/vectorstores…
CVE-2026-4998
15:22 KSA
High CVSS 7.3 CWE-74
A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/code_execution/code_executor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. T…
CVE-2026-5000
15:22 KSA
High CVSS 7.3 CWE-287
A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpoint. The manipulation of the argument BaseHTTPRequestHandler results in missing …
CVE-2026-5001
15:22 KSA
High CVSS 7.3 CWE-284
A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit…
CVE-2026-5002
15:22 KSA
High CVSS 7.3 CWE-74
A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack…
CVE-2026-5244
19:32 KSA
High CVSS 7.3 CWE-119
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. Th…
CVE-2026-5418
03:23 KSA
High CVSS 7.3 CWE-918
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side req…
CVE-2026-5368
03:23 KSA
High CVSS 7.3 CWE-74
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possib…
CVE-2026-5346
15:00 KSA
High CVSS 7.3 CWE-918
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible t…
CVE-2026-5334
04:16 KSA
High CVSS 7.3 CWE-74
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible …
CVE-2026-5333
04:16 KSA
High CVSS 7.3 CWE-74
A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has b…
CVE-2026-5322
19:32 KSA
High CVSS 7.3 CWE-74
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads …
CVE-2026-5320
19:32 KSA
High CVSS 7.3 CWE-287
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely.…
CVE-2025-12886
03:24 KSA
High CVSS 7.2 CWE-918
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro…
CVE-2026-0686
19:32 KSA
High CVSS 7.2 CWE-918
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parse_authorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arb…
CVE-2026-2231
03:24 KSA
High CVSS 7.2 CWE-79
The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arb…
CVE-2026-29782
04:00 KSA
High CVSS 7.2 CWE-502
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skip_permissions = true). It loads a record from the zz_oauth2 table using the attacker-con…
CVE-2026-3328
03:24 KSA
High CVSS 7.2 CWE-502
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's `maybe_unserialize()` function without cl…
CVE-2026-33613
19:32 KSA
High CVSS 7.2 CWE-78
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to wr…
CVE-2026-4329
03:24 KSA
High CVSS 7.2 CWE-79
The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() when capt…
CVE-2018-25207
03:24 KSA
High CVSS 7.1 CWE-89
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in PO…
CVE-2026-32734
09:57 KSA
High CVSS 7.1 CWE-79
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.
CVE-2026-33645
03:24 KSA
High CVSS 7.1 CWE-22
Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is us…
CVE-2026-33987
09:57 KSA
High CVSS 7.1 CWE-122
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData poin…
CVE-2026-34790
04:16 KSA
High CVSS 7.1 CWE-22
Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory trave…
CVE-2025-36375
15:21 KSA
Medium CVSS 6.5 CWE-352
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute…
CVE-2026-1710
09:57 KSA
Medium CVSS 6.5 CWE-285
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthent…
CVE-2026-20042
09:57 KSA
Medium CVSS 6.5 CWE-295
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are inc…
CVE-2026-20095
09:57 KSA
Medium CVSS 6.5 CWE-77
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is d…
CVE-2026-20096
09:57 KSA
Medium CVSS 6.5 CWE-77
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is d…
CVE-2026-20097
09:57 KSA
Medium CVSS 6.5 CWE-787
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based m…
CVE-2026-30521
09:57 KSA
Medium CVSS 6.5 CWE-602
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negativ…
CVE-2026-30522
09:57 KSA
Medium CVSS 6.5 CWE-602
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users f…
CVE-2026-32976
09:57 KSA
Medium CVSS 6.5 CWE-639
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set ch…
CVE-2026-33027
09:57 KSA
Medium CVSS 6.5 CWE-22
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and exe…
CVE-2026-33576
09:57 KSA
Medium CVSS 6.5 CWE-863
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected.
CVE-2026-33580
09:57 KSA
Medium CVSS 6.5 CWE-307
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeate…
CVE-2026-33952
09:57 KSA
Medium CVSS 6.5 CWE-617
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP …
CVE-2026-33977
09:57 KSA
Medium CVSS 6.5 CWE-617
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly fr…
CVE-2026-34215
09:57 KSA
Medium CVSS 6.5 CWE-200
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access t…
CVE-2026-34505
09:57 KSA
Medium CVSS 6.5 CWE-307
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit respons…
CVE-2026-35000
09:57 KSA
Medium CVSS 6.5 CWE-184
ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. Attac…
CVE-2026-4668
09:57 KSA
Medium CVSS 6.5 CWE-89
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied `sort` pa…
CVE-2026-5330
21:30 KSA
Medium CVSS 6.5 CWE-266
A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in imp…
CVE-2025-13535
09:57 KSA
Medium CVSS 6.4 CWE-79
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widget…
CVE-2026-0688
21:30 KSA
Medium CVSS 6.4 CWE-918
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitra…
CVE-2026-1834
09:57 KSA
Medium CVSS 6.4 CWE-80
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This mak…
CVE-2026-2480
09:57 KSA
Medium CVSS 6.4 CWE-79
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box` shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user…
CVE-2026-34716
09:57 KSA
Medium CVSS 6.4 CWE-79
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the caller's display name directly as the heading parameter. The toast plugin construc…
CVE-2026-34798
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/routing.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34799
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/hosts/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34800
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/uplinkeditor.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34801
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhcp/fixed_leases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34802
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34803
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34804
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34805
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dnat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34806
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/snat.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34807
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/incoming.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34808
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34809
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34810
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34811
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34812
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34813
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34814
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34815
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34816
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34817
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34818
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34819
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34820
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34821
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34822
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVE-2026-34823
21:30 KSA
Medium CVSS 6.4 CWE-79
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
⚠️ Threat Intelligence
21 threats
rss:The Hacker News
15:52 KSA
Critical vulnerability
Apple extends the iOS 18.7.7 update to more devices to block DarkSword exploitation. Apple has released iOS 18.7.7 and iPadOS 18.7.7 updates for additional devices to protect against the DarkSword exploit kit. The emergency update addresses critical vulnerabilities that are being actively exploited.
rss:The Hacker News
14:48 KSA
Critical malware
WhatsApp warns 200 users after a fake iOS app containing spyware was installed; an Italian company faces legal action. WhatsApp has warned around 200 users who were tricked into installing a fake iOS app containing spyware. The majority of the targets are located in Italy, and an Italian company faces legal action in…
rss:The Hacker News
14:48 KSA
Medium supply_chain
State of Trusted Open Source report. A comprehensive report analysing open-source software consumption patterns across container images, language libraries and builds. The report offers insights into security trends and the use of trusted open source, drawn from December 2025 data.
rss:The Hacker News
14:48 KSA
High malware
Researchers uncover a mining operation using ISO files as bait to deploy trojans and miners. A financially motivated threat operation (REF1695) has been observed using fake installers to deploy remote access trojans and cryptocurrency miners since November 2023. The attackers profit through…
rss:The Hacker News
13:42 KSA
Medium general
ThreatsDay Bulletin: pre-auth chains, Android rootkits, CloudTrail evasion and 10 other stories. The ThreatsDay bulletin provides a comprehensive summary of current cyber threats, including pre-authentication exploit chains, Android rootkits and AWS CloudTrail evasion techniques. …
rss:The Hacker News
13:42 KSA
Critical vulnerability
Cisco releases updates for critical IMC and SSM flaws rated 9.8 that allow remote system compromise. Cisco has released critical security updates for vulnerabilities in its Integrated Management Controller (IMC) and SSM rated 9.8 on the CVSS scale. The flaws allow remote attackers to bypass authentication and obtain …
rss:The Hacker News
13:42 KSA
Critical vulnerability
Hackers exploit CVE-2025-55182 to compromise 766 Next.js servers and steal credentials. Attackers exploited the React2Shell flaw (CVE-2025-55182) in a large-scale credential-theft campaign targeting 766 Next.js servers. The stolen data includes database credentials and S… keys
rss:Dark Reading
11:32 KSA
Critical ransomware
Ransomware will hit hospitals. Drills are the key to defence. Healthcare organisations face inevitable ransomware attacks that can cause short- or long-term operational outages. A chief medical information officer stresses the critical importance of running drills and readiness exercises to minimise disruption to patient care and ensure…
rss:Dark Reading
11:32 KSA
High malware
'Casbaneiro' banking trojan spreads across Latin America. The Casbaneiro banking trojan is running sophisticated multi-stage campaigns targeting Spanish-speaking users in Latin America. The malware uses advanced evasion techniques and rapid iteration capabilities to steal…
rss:Dark Reading
11:32 KSA
Medium general
RSAC 2026: AI dominates, but community remains the key to security. AI dominated the discussions at RSAC 2026, where cybersecurity experts debated the balance between automation and human oversight. The conference highlighted ongoing concerns about AI's role in detecting …
rss:Dark Reading
10:22 KSA
Low general
Security leaders go all in on AI: here is why. CISOs are increasingly investing in AI-powered cybersecurity tools with optimistic deployment plans. Reddit's CISO and industry analysts discuss the successes and challenges of applying AI…
rss:Dark Reading
10:22 KSA
High data_breach
Not just playing around: a Hasbro attack may take 'weeks' to remediate. Hasbro disclosed unauthorized access to its systems in a formal filing, pointing to a major cyberattack. The company activated its business continuity plans and shut down the affected systems, as remediation efforts may stretch over weeks…
rss:Malwarebytes Lab
03:33 KSA
Medium general
Wikipedia's AI agent dispute may be the start of a bot disaster. An AI agent was banned from editing Wikipedia pages and posted public complaints about the decision. The incident highlights the emerging security and governance challenges as AI agents gain autonomy in…
rss:Malwarebytes Lab
03:33 KSA
Low general
Malwarebytes Privacy VPN receives a full third-party audit. Malwarebytes commissioned an independent third-party security audit of its VPN service infrastructure. The audit results provide transparency and verification of the VPN service's security claims.
rss:Malwarebytes Lab
03:33 KSA
High vulnerability
Apple extends "DarkSword" patches to iOS 18.7.7. Apple has extended the security patches addressing the DarkSword exploit-kit vulnerabilities to iOS and iPadOS 18.7.7. The update protects users from known vulnerabilities targeting Apple mobile devices.
rss:CISA Advisories
01:16 KSA
Critical vulnerability
Yokogawa CENTUM VP. A critical vulnerability in the Yokogawa CENTUM VP industrial control system allows attackers to log in as the PROG user and modify privileges. It affects versions R5.01.00, R6.01.00 and R7.01.00, posing a significant risk to industrial operations.
rss:CISA Advisories
00:02 KSA
High vulnerability
Multiple vulnerabilities in Siemens SICAM 8 products. Multiple Siemens SICAM 8 industrial products contain vulnerabilities that could enable denial-of-service attacks, affecting critical-infrastructure components including the firmware of SICAM A8000, SICAM EGS and SICAM S8000 devices. These vulnerabilities affect…
rss:CISA Advisories
00:02 KSA
Critical vulnerability
Vulnerability in Hitachi Energy's Ellipse product. Hitachi Energy disclosed a vulnerability in Jasper Report that affects versions of its Ellipse product and enables remote code execution attacks. The vulnerability poses a significant risk to industrial control systems and requires immediate remediation.
rss:Recorded Future
23:02 KSA
Medium general
Cybercrime landscape in Latin America and the Caribbean. The Spanish edition of Recorded Future's 2025 report on cybercrime in Latin America and the Caribbean. The report offers insights into regional cyber-threat developments and the evolution of the eco…
rss:Recorded Future
23:02 KSA
Medium general
Cybercrime landscape in Latin America and the Caribbean. Recorded Future's 2025 report analyses cybercrime trends in the Latin America and Caribbean region. The report examines developments in the threat landscape and the criminal ecosystem that may affect security operations …
rss:Mandiant Blog
21:50 KSA
High malware
vSphere and the BRICKSTORM malware: a defender's guide. Google Threat Intelligence Group uncovered the BRICKSTORM malware campaign, which targets VMware vSphere virtualization environments and vCenter Server in particular. This threat poses significant risks to organisations that rely on VM…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This bulletin is updated automatically every day. Last update: 02 Apr 2026