info@ciso.sa | +966550939344 | Riyadh, Saudi Arabia
📅 Daily Security Bulletin — 07 Apr 2026

🇸🇦 Saudi Security Bulletin

All vulnerabilities, threats and news aggregated today from trusted sources, continuously updated

123 vulnerabilities
20 threats
0 news items
39 critical
36 CISA KEV
🛡 Vulnerabilities (CVE)
123 vulnerabilities
CVE-2026-39355
Access control vulnerability in the Genealogy PHP application: unauthorized team ownership transfer
18:17 KSA | Critical | CVSS 9.9 | CWE-862
This weakness allows authenticated users to transfer ownership of non-personal teams to themselves without proper authorization. The result is full control over the team's workspaces and unrestricted access to all genealogy data associated with the compromised team. The vulnerability exists in all versions prior to 5.9.1.
CVE-2026-35616
Improper access control vulnerability in Fortinet FortiClient EMS allows remote code execution
05:00 KSA | Critical | CVSS 9.8 | CISA KEV
An improper access control vulnerability in Fortinet FortiClient EMS allows unauthenticated attackers to execute unauthorized code and commands via carefully crafted requests. The vulnerability carries a critical severity rating, CVSS 9.8, and requires immediate action. Organizations should apply the vendor's security patches or stop using…
CVE-2026-26135
Privilege escalation via SSRF in Azure Custom Locations
03:23 KSA | Critical | CVSS 9.6 | CWE-918
An SSRF vulnerability in the Azure Custom Locations Resource Provider allows authenticated attackers to issue forged network requests in order to elevate their privileges. It affects hybrid and cloud Azure environments in Saudi organizations and may lead to unauthorized access to sensitive resources.
CVE-2026-32211
Azure MCP server: missing authentication for critical functions
04:54 KSA | Critical | CVSS 9.1 | CWE-306
This weakness concerns the lack of adequate authentication mechanisms in the Azure MCP server, allowing attackers direct access to critical functions without valid credentials. Attackers can exploit it to disclose sensitive information and confidential data over the network. The vulnerability is rated critical with a CVSS score of 9.1, indicating…
CVE-2017-0037
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Edge and Internet Explorer Type Confusion Vulnerability — Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
CVE-2017-0059
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Internet Explorer Information Disclosure Vulnerability — Microsoft Internet Explorer allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2017-0101
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Windows Transaction Manager Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
CVE-2017-0143
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability — Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.
CVE-2017-0144
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft SMBv1 Remote Code Execution Vulnerability — The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
CVE-2017-0145
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft SMBv1 Remote Code Execution Vulnerability — The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
CVE-2017-0146
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Windows SMB Remote Code Execution Vulnerability — The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
CVE-2017-0147
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Windows SMBv1 Information Disclosure Vulnerability — The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.
CVE-2017-0148
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft SMBv1 Server Remote Code Execution Vulnerability — The SMBv1 server in Microsoft Windows allows remote attackers to execute arbitrary code via crafted packets.
CVE-2017-0149
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Internet Explorer Memory Corruption Vulnerability — Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
CVE-2017-0199
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Office and WordPad Remote Code Execution Vulnerability — Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
CVE-2017-0210
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Internet Explorer Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.
CVE-2017-0213
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Windows Privilege Escalation Vulnerability — Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
CVE-2017-0222
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Internet Explorer Remote Code Execution Vulnerability — A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
CVE-2017-0261
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Office Use-After-Free Vulnerability — Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
CVE-2017-0262
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Office Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Microsoft Office.
CVE-2017-0263
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
CVE-2017-1000253
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Linux Kernel PIE Stack Buffer Corruption Vulnerability — Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges.
CVE-2017-1000353
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Jenkins Remote Code Execution Vulnerability — Jenkins contains a remote code execution vulnerability. This vulnerability could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, which would be deserialized using a new Object…
CVE-2017-1000486
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Primetek Primefaces Remote Code Execution Vulnerability — Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution.
CVE-2017-10271
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability — Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
CVE-2017-11292
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Adobe Flash Player Type Confusion Vulnerability — Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
CVE-2017-11317
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability — Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVE-2017-11357
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability — Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
CVE-2017-11774
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Office Outlook Security Feature Bypass Vulnerability — Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
CVE-2017-11826
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Office Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the …
CVE-2017-11882
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Microsoft Office Memory Corruption Vulnerability — Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
CVE-2017-12149
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Red Hat JBoss Application Server Remote Code Execution Vulnerability — The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.
CVE-2017-12231
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability — A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.
CVE-2017-12232
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability — A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to…
CVE-2017-12233
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability — A vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reloa…
CVE-2017-12234
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability — A vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reloa…
CVE-2017-12235
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability — A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affec…
CVE-2017-12237
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability — A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messa…
CVE-2025-3935
Improper authentication and ViewState code injection vulnerability in ConnectWise ScreenConnect
11:01 KSA | Critical | CVSS 9.0 | CISA KEV
The ConnectWise ScreenConnect platform contains a critical vulnerability in its authentication mechanism that allows attackers to carry out ViewState code injection attacks. Attackers can leverage it to execute remote code on affected systems if the machine keys have been compromised. The vulnerability is of very high severity and affects the integrity and sec…
CVE-2026-20433
12:16 KSA | High | CVSS 8.8 | CWE-787
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed…
CVE-2026-22683
18:17 KSA | High | CVSS 8.8 | CWE-862
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or …
CVE-2026-30460
14:52 KSA | High | CVSS 8.8 | CWE-94
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
CVE-2026-34121
03:23 KSA | High | CVSS 8.8 | CWE-287
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an…
CVE-2026-3666
15:48 KSA | High | CVSS 8.8 | CWE-22
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber le…
CVE-2026-39342
18:17 KSA | High | CVSS 8.8 | CWE-89
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports > Query Menu and access to the "Advanced Search" query. Th…
CVE-2026-5465
14:52 KSA | High | CVSS 8.8 | CWE-639
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate changes to the `externalId` field wh…
CVE-2026-5544
23:18 KSA | High | CVSS 8.8 | CWE-119
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remote…
CVE-2026-5548
23:18 KSA | High | CVSS 8.8 | CWE-119
A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated …
CVE-2026-5550
23:18 KSA | High | CVSS 8.8 | CWE-119
A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.
CVE-2026-34728
21:54 KSA | High | CVSS 8.7 | CWE-22
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory…
CVE-2026-32173
03:23 KSA | High | CVSS 8.6 | CWE-287
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
CVE-2018-25251
21:54 KSA | High | CVSS 8.4 | CWE-787
Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Net…
CVE-2018-25255
21:54 KSA | High | CVSS 8.4 | CWE-787
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption p…
CVE-2015-10148
09:36 KSA | High | CVSS 8.2 | CWE-321
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attacke…
CVE-2026-4740
14:52 KSA | High | CVSS 8.2 | CWE-295
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OC…
CVE-2016-15058
09:36 KSA | High | CVSS 8.1 | CWE-257
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when t…
CVE-2026-22661
09:36 KSA | High | CVSS 8.1 | CWE-22
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can…
CVE-2026-22665
09:36 KSA | High | CVSS 8.1 | CWE-178
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attacker…
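The defect in CVE-2026-22665 is two code paths that disagree on what counts as the same username. The usual fix is one canonical form, computed in one place, used both for the uniqueness check at registration and for every later lookup. The block below is an added example written for this bulletin, not prompts.chat's code; the registry class, its method names and the sample usernames are all constructed, and it goes a step beyond plain case-insensitivity by also folding Unicode compatibility forms, since a fullwidth "Ａｄｍｉｎ" is the same trick with a different alphabet.

```python
"""
Canonical usernames against identity confusion (CWE-178). Added example for
the bulletin entry above, not prompts.chat's code. The sample names and the
UserRegistry class are constructed for illustration.
"""
import unicodedata
from typing import Dict, List, Optional


def canonical_username(name: str) -> str:
    """
    NFKC folds compatibility characters (fullwidth letters, ligatures) to their
    plain forms; casefold() is stronger than lower() and also maps 'ß' to 'ss'
    and the long s 'ſ' to 's'. Re-normalising afterwards handles the few
    casefold outputs that are not themselves in NFKC form.
    """
    folded = unicodedata.normalize("NFKC", name).strip().casefold()
    return unicodedata.normalize("NFKC", folded)


class UserRegistry:
    """Uniqueness and lookup both key on the canonical form, never on raw input."""

    def __init__(self) -> None:
        self._users: Dict[str, str] = {}  # canonical key -> display name as registered

    def is_available(self, name: str) -> bool:
        key = canonical_username(name)
        return bool(key) and key not in self._users

    def register(self, display_name: str) -> str:
        key = canonical_username(display_name)
        if not key:
            raise ValueError("empty username")
        if key in self._users:
            raise ValueError(f"{display_name!r} collides with existing user {self._users[key]!r}")
        self._users[key] = display_name
        return key

    def lookup(self, name: str) -> Optional[str]:
        # The read path uses the same canonical form as the write path, so a
        # case variant resolves to the original account instead of a second one.
        return self._users.get(canonical_username(name))


def registration_outcomes(names: List[str]) -> List[bool]:
    """Register each name in order; True where it was accepted, False on collision."""
    registry = UserRegistry()
    outcomes = []
    for name in names:
        try:
            registry.register(name)
            outcomes.append(True)
        except ValueError:
            outcomes.append(False)
    return outcomes


if __name__ == "__main__":
    # Constructed sample: only the first spelling of each identity is accepted.
    sample = ["Admin", "admin", "ADMIN", "Ａｄｍｉｎ", "admin2", "Straße", "STRASSE"]
    for name, ok in zip(sample, registration_outcomes(sample)):
        print(f"{name!r:14} {'registered' if ok else 'collision'}")
```

The canonical key is what goes into the database's unique index; the display name is stored alongside it for presentation only. Applying the same function on the read path is the half that the entry above says was missing.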
CVE-2026-34377
03:23 KSA | High | CVSS 8.1 | CWE-347
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providi…
CVE-2026-34742
03:23 KSA | High | CVSS 8.1 | CWE-1188
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTT…
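"DNS rebinding protection" for a localhost HTTP server comes down to one check: refuse any request whose Host header (and, for browser requests, Origin) does not name the loopback interface. In a rebinding attack the victim's browser resolves attacker.example to the attacker's server, loads a page, and after a short-TTL flip resolves the same name to 127.0.0.1; the requests that then reach the local MCP server still carry Host: attacker.example. The block below is an added example that shows this check in Python, not the Go MCP SDK's code or its configuration option (which is not shown here); the header sets are constructed.

```python
"""
Host-header allowlisting against DNS rebinding. Added example for the bulletin
entry above, not the Go MCP SDK's own code. Header sets are constructed.
"""
import ipaddress
from typing import Dict, FrozenSet, Tuple
from urllib.parse import urlsplit


def hostname_is_loopback(hostname: str) -> bool:
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False  # any DNS name, including 127.0.0.1.attacker.example


def host_header_allowed(host_header: str, extra_allowed: FrozenSet[str] = frozenset()) -> bool:
    """Host may carry a port or a bracketed IPv6 literal; urlsplit normalises both."""
    if not host_header:
        return False
    try:
        hostname = urlsplit("//" + host_header).hostname  # lowercased, brackets removed
    except ValueError:
        return False  # malformed header such as "[::1"
    if hostname is None:
        return False
    return hostname in extra_allowed or hostname_is_loopback(hostname)


def origin_allowed(origin: str, extra_allowed: FrozenSet[str] = frozenset()) -> bool:
    """Browsers send Origin on cross-site requests; 'null' or a foreign site is rejected."""
    try:
        parts = urlsplit(origin)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or parts.hostname is None:
        return False
    return parts.hostname in extra_allowed or hostname_is_loopback(parts.hostname)


def check_request(headers: Dict[str, str], extra_allowed: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    """Return (accept, reason). Header names are matched case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    host = lowered.get("host", "")
    if not host_header_allowed(host, extra_allowed):
        return False, f"Host is not loopback: {host!r}"
    origin = lowered.get("origin")
    if origin is not None and not origin_allowed(origin, extra_allowed):
        return False, f"Origin is not loopback: {origin!r}"
    return True, "ok"


# Constructed request header sets.
LOCAL_CLIENT = {"Host": "localhost:3000"}                                      # agent on the same machine
LOCAL_BROWSER = {"Host": "127.0.0.1:3000", "Origin": "http://127.0.0.1:3000"}  # local web UI
REBOUND = {"Host": "attacker.example:3000", "Origin": "http://attacker.example:3000"}
IPV6_LOCAL = {"Host": "[::1]:3000"}
SPOOFED_SUBDOMAIN = {"Host": "127.0.0.1.attacker.example:3000"}

if __name__ == "__main__":
    for name, hdrs in [("local client", LOCAL_CLIENT), ("local browser", LOCAL_BROWSER),
                       ("rebound", REBOUND), ("ipv6 local", IPV6_LOCAL),
                       ("spoofed subdomain", SPOOFED_SUBDOMAIN)]:
        print(f"{name:18} {check_request(hdrs)}")
```

This only closes the browser-driven path: a process already running on the same host is unaffected by Host checks, so the server still needs authentication, which the entry above notes was also absent. When the server is deliberately bound beyond loopback, the expected public hostname is added to the allowlist explicitly rather than the check being disabled.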
CVE-2026-4350
04:54 KSA | High | CVSS 8.1 | CWE-22
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without any sanitization, authorization ch…
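Four entries in this bulletin share one root cause: a user-supplied name is joined onto a base directory with no check that the result stays inside it. wpForo (CVE-2026-3666), phpMyFAQ (CVE-2026-34728) and Perfmatters (CVE-2026-4350) do this on a delete-by-name parameter; prompts.chat (CVE-2026-22661) does it with ZIP member names. The block below is an added example, not code from any of those projects, showing the containment check that covers both shapes in Python. The base paths, file names and archives are constructed.

```python
"""
Base-directory containment for user-supplied file names (CWE-22). Added
example for the entries above, not code from wpForo, phpMyFAQ, Perfmatters
or prompts.chat. Paths and archives below are constructed.
"""
import io
import posixpath
import zipfile
from pathlib import PurePosixPath
from typing import Dict, List


class PathTraversalError(ValueError):
    """A supplied name would resolve outside the intended base directory."""


def resolve_inside(base: str, user_name: str) -> str:
    """
    Return the normalised path of `user_name` under `base`, or raise. The check
    is lexical, so it also works for archive members that do not exist yet; when
    deleting an existing file, resolve symlinks (os.path.realpath) on the result
    and re-check before unlinking.
    """
    if not user_name or "\x00" in user_name:
        raise PathTraversalError("empty name or NUL byte")
    candidate = user_name.replace("\\", "/")  # "..\\..\\x" must not bypass a "/"-only check
    if PurePosixPath(candidate).is_absolute():
        raise PathTraversalError(f"absolute path rejected: {user_name!r}")
    base_norm = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base_norm, candidate))
    # Must be a strict child: "/srv/uploads_evil/x" is not under "/srv/uploads",
    # and the base directory itself is never a valid target.
    if not joined.startswith(base_norm + "/"):
        raise PathTraversalError(f"escapes base directory: {user_name!r}")
    return joined


def is_inside(base: str, user_name: str) -> bool:
    try:
        resolve_inside(base, user_name)
        return True
    except PathTraversalError:
        return False


def archive_escapes(zip_bytes: bytes, dest: str) -> List[str]:
    """
    Member names that would land outside `dest`. Extract only when this list is
    empty: checking every name before writing anything means a hostile entry
    late in the archive cannot leave earlier members behind on disk.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist() if not is_inside(dest, info.filename)]


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory archive; used only to construct the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples, not artefacts from any advisory.
BENIGN_SKILL_ZIP = build_zip({"skill/SKILL.md": b"# demo", "skill/run.py": b"print(1)"})
ZIP_SLIP = build_zip({"skill/SKILL.md": b"# demo",
                      "../../.ssh/authorized_keys": b"ssh-ed25519 AAAA..."})

if __name__ == "__main__":
    for name in ["images/logo.png", "../wp-config.php", "..\\..\\wp-config.php", "/etc/passwd"]:
        print(f"{name!r:28} {'ok' if is_inside('/srv/app/uploads', name) else 'REJECTED'}")
    print("benign archive escapes:", archive_escapes(BENIGN_SKILL_ZIP, "/srv/app/skills"))
    print("zip-slip archive escapes:", archive_escapes(ZIP_SLIP, "/srv/app/skills"))
```

Containment is only one of the missing checks. The Perfmatters entry also notes the absence of authorization and, in its truncated text, presumably a nonce; a path that resolves inside the upload directory is still the wrong file to delete when the caller has no right to delete anything.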
CVE-2026-4896
09:36 KSA | High | CVSS 8.1 | CWE-639
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including `wcfm_modify_order_status`, `de…
CVE-2016-20055
15:48 KSA | High | CVSS 7.8 | CWE-428
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the…
CVE-2016-20056
15:48 KSA | High | CVSS 7.8 | CWE-428
Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and t…
CVE-2016-20057
15:48 KSA | High | CVSS 7.8 | CWE-428
NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger…
CVE-2016-20058
15:48 KSA | High | CVSS 7.8 | CWE-428
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger servi…
CVE-2016-20059
15:48 KSA | High | CVSS 7.8 | CWE-428
IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalat…
CVE-2016-20060
21:54 KSA | High | CVSS 7.8 | CWE-428
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system rebo…
CVE-2016-20061
21:54 KSA | High | CVSS 7.8 | CWE-428
sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or sy…
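The seven CWE-428 entries above (CVE-2016-20055 through CVE-2016-20061) all describe the same mechanism without spelling it out: when a service's ImagePath is unquoted and contains spaces, CreateProcess tries every space-delimited prefix as an executable before reaching the real binary, so `C:\Program Files\Foo Bar\svc.exe` also means `C:\Program.exe` and `C:\Program Files\Foo.exe`. The block below is an added example, not code from any of the listed products, that applies that rule to ImagePath strings and lists the exact files an attacker would need to plant; the service names and paths in it are constructed.

```python
r"""
Unquoted service path analysis (CWE-428). Added example for the entries
above, not code from any of the listed products. Input is the ImagePath
value as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
The service names and paths in SAMPLE_SERVICES are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ServicePathFinding:
    service: str
    image_path: str
    vulnerable: bool
    hijack_candidates: List[str] = field(default_factory=list)


def executable_part(image_path: str) -> str:
    """Drop service arguments: the executable ends at the first '.exe'."""
    idx = image_path.lower().find(".exe")
    return image_path[: idx + 4] if idx != -1 else image_path


def hijack_candidates(exe_path: str) -> List[str]:
    r"""
    CreateProcess parses an unquoted command line by trying every prefix that
    ends at a space, appending '.exe' when the prefix has no extension:
        C:\Program Files\Foo Bar\svc.exe  ->  C:\Program.exe
                                              C:\Program Files\Foo.exe
    Each candidate is a file that, if the attacker can create it, runs as the
    service account (usually SYSTEM) the next time the service starts.
    """
    candidates = []
    parts = exe_path.split("\\")
    for i, component in enumerate(parts):
        if " " not in component:
            continue
        parent = "\\".join(parts[:i])
        words = component.split(" ")
        # every split point inside this component yields one prefix to try
        for j in range(1, len(words)):
            stem = " ".join(words[:j])
            candidates.append(f"{parent}\\{stem}.exe")
    return candidates


def analyze(services: List[Tuple[str, str]]) -> List[ServicePathFinding]:
    findings = []
    for name, image_path in services:
        path = image_path.strip()
        if path.startswith('"'):
            # quoted executable: the space-delimited prefixes are never tried
            findings.append(ServicePathFinding(name, image_path, False))
            continue
        cands = hijack_candidates(executable_part(path))
        findings.append(ServicePathFinding(name, image_path, bool(cands), cands))
    return findings


# Constructed sample registry values (no real product paths).
SAMPLE_SERVICES = [
    ("ExampleCleanerSvc", r"C:\Program Files\Example Tools\Cleaner Service\cleaner.exe"),
    ("ExampleHealth", r"C:\Program Files\Example Tools\health.exe -monitor"),
    ("ExampleAgentQuoted", r'"C:\Program Files\Example Tools\agent.exe" --service'),
    ("ExampleNoSpaces", r"C:\Example\svc.exe"),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_SERVICES):
        print(f"{f.service:20} {'VULNERABLE' if f.vulnerable else 'ok':10} {f.image_path}")
        for c in f.hijack_candidates:
            print(f"{'':31}-> {c}")
```

A candidate is only exploitable where the attacker's account can create that file; `C:\` and `C:\Program Files` are not writable by standard users on a default install, so the entries above matter most where the vendor installs under a loosely permissioned tree. The trigger the entries describe (service restart or reboot) is why the rating is local 7.8 rather than remote. The fix is to quote the path, for example `sc config <name> binPath= "\"C:\Program Files\Example Tools\health.exe\" -monitor"`.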
CVE-2026-22561
03:23 KSA | High | CVSS 7.8 | CWE-427
Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enab…
CVE-2026-22664
09:36 KSA | High | CVSS 7.7 | CWE-918
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the …
CVE-2026-34365
21:54 KSA | High | CVSS 7.6 | CWE-918
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the e…
CVE-2026-34366
21:54 KSA | High | CVSS 7.6 | CWE-918
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML i…
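The CWE-918 entries in this bulletin come in two shapes. In prompts.chat (CVE-2026-22664) a caller-supplied value becomes the URL of a poll that should only ever reach one external API, so the fix is a host allowlist. In InvoiceShelf (CVE-2026-34365, CVE-2026-34366) and Azure Custom Locations (CVE-2026-26135) the server legitimately fetches arbitrary public resources, so the fix is refusing destinations that resolve to internal address space, including the cloud metadata endpoint on 169.254.169.254. The block below is an added example, not code from any of those projects, showing one destination check that handles both; DNS answers are passed in so it runs offline, and every host and address in it is constructed.

```python
"""
Outbound-destination check against SSRF (CWE-918). Added example for the
entries above, not code from prompts.chat, InvoiceShelf or Azure. The
allowlisted API host, sample URLs and resolved addresses are constructed.
"""
import ipaddress
from typing import FrozenSet, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def address_is_internal(ip_text: str) -> bool:
    """
    True for loopback, RFC 1918, link-local (169.254.0.0/16 carries the cloud
    metadata services), CGNAT, documentation ranges and IPv4-mapped IPv6.
    """
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata service
    return (not addr.is_global or addr.is_private or addr.is_loopback
            or addr.is_link_local or addr.is_unspecified)


def destination_allowed(url: str, resolved_ips: List[str],
                        allowed_hosts: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    """
    Return (allowed, reason). `resolved_ips` is what the application's resolver
    returned for the URL's host; the fetch must then connect to one of those
    addresses rather than resolve a second time, or the answer can change
    between check and use. An empty `allowed_hosts` means "any public host".
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"  # http://trusted.example@evil.example/ tricks
    host = parts.hostname
    if not host:
        return False, "no host"
    if allowed_hosts and host not in allowed_hosts:
        return False, f"host not in allowlist: {host!r}"
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IP: nothing to resolve
    except ValueError:
        ips = list(resolved_ips)
    if not ips:
        return False, "host did not resolve"
    for ip in ips:
        if address_is_internal(ip):
            return False, f"resolves to internal address {ip}"
    return True, "ok"


# Constructed inputs. "api.media-provider.example" stands in for the single
# external API a status-polling endpoint should be allowed to reach.
POLL_ALLOWLIST = frozenset({"api.media-provider.example"})

if __name__ == "__main__":
    checks = [
        ("https://api.media-provider.example/status/abc", ["93.184.216.34"], POLL_ALLOWLIST),
        ("https://attacker.example/status", ["93.184.216.34"], POLL_ALLOWLIST),
        ("http://169.254.169.254/latest/meta-data/", [], frozenset()),
        ("http://cdn.public.example/logo.png", ["93.184.216.34"], frozenset()),
        ("http://internal.corp.example/", ["10.0.0.5"], frozenset()),
        ("file:///etc/passwd", [], frozenset()),
    ]
    for url, ips, allow in checks:
        print(f"{url:48} {destination_allowed(url, ips, allow)}")
```

Two practical points follow from the design. First, `resolved_ips` must come from the same lookup the HTTP client will use (for example `socket.getaddrinfo`, which also decodes decimal and octal IP spellings), and the connection should be pinned to that address. Second, a renderer that fetches images for a PDF must also apply the check to every redirect target, since a public host can 302 to 127.0.0.1.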
CVE-2026-34426
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment varia
03:23 KSA
High CVSS 7.6 CWE-184
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval s…
CVE-2018-25246
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application
21:54 KSA
High CVSS 7.5 CWE-306
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an app…
CVE-2020-37216
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet
04:54 KSA
High CVSS 7.5 CWE-20
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet…
CVE-2026-1233
The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure i
15:48 KSA
High CVSS 7.5 CWE-798
The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server…
CVE-2026-22663
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate che
09:36 KSA
High CVSS 7.5 CWE-862
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can expl…
CVE-2026-26027
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store
23:32 KSA
High CVSS 7.5 CWE-79
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
CVE-2026-34752
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the H
03:23 KSA
High CVSS 7.5 CWE-248
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.
CVE-2022-4987
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of
04:54 KSA
High CVSS 7.3 CWE-426
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place …
CVE-2026-5368
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of t
03:23 KSA
High CVSS 7.3 CWE-74
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possib…
CVE-2026-5418
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of th
03:23 KSA
High CVSS 7.3 CWE-918
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side req…
CVE-2026-5526
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerabil
21:54 KSA
High CVSS 7.3 CWE-266
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The explo…
CVE-2026-5534
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the fil
21:54 KSA
High CVSS 7.3 CWE-74
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be exe…
CVE-2026-5536
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_serv
21:54 KSA
High CVSS 7.3 CWE-20
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted earl…
CVE-2026-5551
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknow
23:18 KSA
High CVSS 7.3 CWE-74
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may be…
CVE-2026-5554
A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is so
23:18 KSA
High CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process_search.php of the component Parameter Handler. Performing a manipulation of …
CVE-2026-5692
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the fil
12:16 KSA
High CVSS 7.3 CWE-77
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been m…
CVE-2026-5736
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-serve
18:17 KSA
High CVSS 7.3 CWE-74
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of th…
CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.
18:17 KSA
High CVSS 7.3 CWE-74
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The atta…
CVE-2026-5741
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_con
18:17 KSA
High CVSS 7.3 CWE-77
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possib…
CVE-2018-25248
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inje
21:54 KSA
High CVSS 7.2 CWE-79
MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when…
CVE-2018-25250
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows atta
21:54 KSA
High CVSS 7.2 CWE-79
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that exec…
CVE-2026-22666
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_s
14:52 KSA
High CVSS 7.2 CWE-95
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator p…
CVE-2026-25932
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user c
23:32 KSA
High CVSS 7.2 CWE-79
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24.
CVE-2026-2936
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page
15:48 KSA
High CVSS 7.2 CWE-79
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat…
CVE-2026-5425
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data'
09:36 KSA
High CVSS 7.2 CWE-79
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate…
CVE-2017-20238
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorizat
09:36 KSA
High CVSS 7.1 CWE-285
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative …
CVE-2026-22682
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inco
18:17 KSA
High CVSS 7.1 CWE-863
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the inten…
CVE-2026-3445
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePres
09:36 KSA
High CVSS 7.1 CWE-862
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership…
CVE-2025-47374
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
07:48 KSA
Medium CVSS 6.5 CWE-416
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown fu
03:16 KSA
Medium CVSS 6.3 CWE-74
A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. The attack may be initiat…
CVE-2026-5670
A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This is
11:59 KSA
Medium CVSS 6.3 CWE-284
A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unre…
CVE-2026-5675
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /
11:59 KSA
Medium CVSS 6.3 CWE-74
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowed_tool.php of the component Parameter Handler. The manipulation of the argument emp results in sql injection. It is possible to launch the attack remotel…
CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file
11:59 KSA
Medium CVSS 6.3 CWE-74
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument emp_id causes sql injection. The attack is possible to be carried out r…
CVE-2026-5719
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /
16:25 KSA
Medium CVSS 6.3 CWE-74
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been pu…
CVE-2025-13044
IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite ar
16:25 KSA
Medium CVSS 6.2 CWE-340
IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2026-5673
Heap out-of-bounds read in the AVI parser of the libtheora library
22:55 KSA
Medium CVSS 5.6 CWE-125
A heap out-of-bounds read vulnerability exists in the libtheora library within the AVI file parser, specifically in the avi_parse_input_file() function. A local attacker can exploit this vulnerability by tricking a user into opening a specially crafted AVI file that contains a truncated sub-header.
CVE-2026-5679
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the functi
11:59 KSA
Medium CVSS 5.5 CWE-77
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publi…
CVE-2026-5683
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter o
11:59 KSA
Medium CVSS 5.5 CWE-119
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the loca…
CVE-2026-5745
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically w
23:32 KSA
Medium CVSS 5.5 CWE-476
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the funct…
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthe
14:15 KSA
Medium CVSS 5.4 CWE-79
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue a…
CVE-2026-35200
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73
01:33 KSA
Medium CVSS 5.4 CWE-436
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist (e.g., .txt) but with a Content-Type header that di…
CVE-2026-39346
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed auth
00:32 KSA
Medium CVSS 5.4 CWE-284
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This v…
CVE-2026-4065
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing cap
05:48 KSA
Medium CVSS 5.4 CWE-862
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display_admin_ajax() method does not cal…
CVE-2025-14944
The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2
23:32 KSA
Medium CVSS 5.3 CWE-862
The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates again…
CVE-2026-22680
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allo
01:33 KSA
Medium CVSS 5.3 CWE-862
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/{ta…
CVE-2026-3177
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vul
16:25 KSA
Medium CVSS 5.3 CWE-345
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incomi…
CVE-2026-5661
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handle
05:32 KSA
Medium CVSS 5.3 CWE-404
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2026-5666
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionalit
07:48 KSA
Medium CVSS 5.3 CWE-200
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The atta…
CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the
01:33 KSA
Medium CVSS 5.0 CWE-190
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-b…
CVE-2026-5704
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to
11:59 KSA
Medium CVSS 5.0 CWE-434
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce …
⚠️ Threat Intelligence
20 threats
rss:The Hacker News
06:54 KSA
Critical vulnerability
<strong>Flowise AI agent-building platform under active exploitation of a severity-10.0 remote command execution vulnerability</strong> Cybercriminals are actively exploiting the maximum-severity (CVSS 10.0) vulnerability CVE-2025-59528 in the Flowise AI platform, which allows remote command execution. More than 12,000 sys…
rss:The Hacker News
06:54 KSA
Critical ransomware
<strong>Chinese group Storm-1175 exploits zero-day vulnerabilities to rapidly deploy Medusa ransomware</strong> The Chinese threat group Storm-1175 is conducting high-speed ransomware attacks, exploiting zero-day and known vulnerabilities to deploy the Medusa ransomware. The group shows a rapid operational tempo when compromising systems…
rss:The Hacker News
06:54 KSA
High vulnerability
<strong>New GPUBreach attack enables full privilege escalation via GDDR6 bit flips</strong> Academic researchers have discovered RowHammer attacks against high-performance GPUs that enable privilege escalation and full control of the host system. The attacks, named GPUBreach, GDDRHammer and GeF…
rss:Dark Reading
05:49 KSA
High supply_chain
<strong>AI-assisted supply chain attack targets GitHub</strong> Attackers are using AI to automate attacks that exploit GitHub misconfigurations in a campaign called PRT-scan. This is the second AI-assisted supply chain attack targeting widespread GitHub weaknesses…
rss:Dark Reading
05:49 KSA
Low general
<strong>Focus on the human element in cybersecurity at RSAC 2026</strong> RSAC 2026 stresses the critical role of the human element in cybersecurity, even though AI dominates the discussions. The conference highlights that technology alone cannot solve security challenges without skilled professionals in…
rss:Dark Reading
05:49 KSA
Medium general
<strong>Lies, damned lies, and cybersecurity metrics</strong> Executive leaders discuss the challenges of measuring cybersecurity effectiveness and why current metrics fail to improve security outcomes. The discussion highlights the gap between measurement practices and actual security improvements in organizations.
rss:The Hacker News
05:48 KSA
High data_breach
<strong>The hidden cost of recurring credential incidents</strong> IBM's 2025 Cost of a Data Breach report reveals that the average cost of a breach is $4.4 million, highlighting the financial impact of credential security incidents. The article stresses that recurring credential incidents carry cos…
rss:The Hacker News
05:48 KSA
High malware
<strong>More than 1,000 exposed ComfyUI instances targeted in a cryptomining botnet campaign</strong> An active campaign is targeting more than 1,000 internet-exposed ComfyUI instances to recruit them into a cryptomining and proxy botnet. A custom Python scanner continuously sweeps major cloud IP ranges to identify and…
rss:The Hacker News
05:48 KSA
High vulnerability
<strong>Docker vulnerability CVE-2026-34040 lets attackers bypass authorization and reach the host</strong> A high-severity vulnerability (CVE-2026-34040, CVSS score 8.8) has been disclosed in Docker Engine that allows attackers to bypass authorization plugins under certain conditions. The flaw is an incomplete fix for an earlier vulnerability, CVE-…
rss:Dark Reading
04:37 KSA
Low general
<strong>Humans vs. AI: debates shape cybersecurity trends at RSAC 2026</strong> RSAC 2026 saw intense debates between CISOs and industry leaders about the role of AI in cybersecurity. The main discussions centered on agentic AI applications and…
rss:Dark Reading
04:37 KSA
Low general
<strong>RSAC 2026: how AI is reshaping cybersecurity at unprecedented speed</strong> Dark Reading's coverage of RSAC 2026 highlights how rapidly AI is transforming cybersecurity practices. The conference showcased emerging trends and technologies that are fundamentally changing how…
rss:Dark Reading
04:37 KSA
High vulnerability
<strong>Grafana fixes an AI flaw that could leak user data</strong> Grafana fixed a critical AI vulnerability that allows attackers to hide malicious instructions on web pages. The AI can be tricked into executing seemingly legitimate commands that leak sensitive data to attacker servers…
rss:The Hacker News
04:36 KSA
Medium general
<strong>Webinar: how to close identity gaps in 2026 before AI exploits enterprise risks</strong> New research from the Ponemon Institute reveals a critical paradox: enterprise identity programs are maturing, yet overall risk is rising because of AI-powered threats. The webinar addresses security gaps…
rss:The Hacker News
04:36 KSA
High apt
<strong>Russian APT28 group exploits home network routers in a global DNS hijacking campaign</strong> The Russian state-backed APT28 group compromised insecure MikroTik and TP-Link routers worldwide, modifying their DNS settings to build malicious infrastructure for espionage operations…
rss:Dark Reading
03:33 KSA
High ransomware
<strong>Storm-1175 deploys Medusa ransomware at high speed</strong> Microsoft reported that Storm-1175, a financially motivated cybercrime group, is deploying the Medusa ransomware at high speed. The group exploited known and zero-day vulnerabilities in campaigns characterized by fast execution and rapid deployment.
rss:Malwarebytes Lab
01:17 KSA
Critical data_breach
<strong>Support platform breach exposes Hims & Hers customer data</strong> The healthcare platform Hims & Hers suffered a data breach through its customer support system, exposing sensitive patient information. The incident highlights the exposure of healthcare organizations that store highly personal medical and financial data.
rss:Malwarebytes Lab
01:17 KSA
High phishing
<strong>Traffic fine scams swap links for QR codes to steal card data</strong> Cybercriminals are evolving their phishing techniques by using QR codes in fake, official-looking traffic violation notices. When the codes are scanned, victims are sent to fraudulent payment pages designed to steal…
rss:CISA Advisories
23:00 KSA
High vulnerability
<strong>Vulnerabilities in Mitsubishi Electric GENESIS64 and ICONICS Suite products</strong> Critical vulnerabilities in Mitsubishi Electric GENESIS64 and ICONICS Suite products allow local attackers to steal SQL Server credentials. Exploitation could lead to data disclosure, tampering, destruction, or a denial-of-…
rss:CISA Advisories
23:00 KSA
Critical apt
<strong>Iranian cyber threat actors exploit programmable logic controllers across US critical infrastructure</strong> Iranian advanced persistent threat actors are exploiting programmable logic controllers in US critical infrastructure. This poses a significant threat to the… systems
rss:Krebs on Securit
21:49 KSA
Critical apt
<strong>Russia compromises routers to steal Microsoft Office authentication tokens</strong> Hackers linked to Russian military intelligence are exploiting vulnerabilities in outdated routers to steal Microsoft Office authentication tokens en masse. The state-backed cyber-espionage campaign enables unauthorized access to…
📰 Cybersecurity News
0 articles
📰 No news aggregated yet today

This bulletin is updated automatically every day. Last updated: 07 Apr 2026