120 vulnerabilities | 31 threats | 0 news | 30 critical | 29 CISA KEV
🛡 Security Vulnerabilities (CVE)
A template injection vulnerability in GLPI allows authorized administrators to execute arbitrary code on the server through unsafe template processing. The vulnerability affects versions 11.0.0 through 11.0.5 and was fixed in version 11.0.6.
CVE-2018-11776
11:01 KSA
Apache Struts Remote Code Execution Vulnerability — Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurati…
CVE-2018-1273
11:01 KSA
VMware Tanzu Spring Data Commons Property Binder Vulnerability — Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.
CVE-2018-13374
11:01 KSA
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability — Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity te…
CVE-2018-13379
11:01 KSA
Fortinet FortiOS SSL VPN Path Traversal Vulnerability — Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
CVE-2018-13382
11:01 KSA
Fortinet FortiOS and FortiProxy Improper Authorization — An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
CVE-2018-13383
11:01 KSA
Fortinet FortiOS and FortiProxy Out-of-bounds Write — A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.
CVE-2018-14558
11:01 KSA
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability — Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker t…
CVE-2018-14667
11:01 KSA
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability — Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute …
CVE-2018-14839
11:01 KSA
LG N1A1 NAS Remote Command Execution Vulnerability — LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.
CVE-2018-14847
11:01 KSA
MikroTik Router OS Directory Traversal Vulnerability — MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
CVE-2018-14933
11:01 KSA
NUUO NVRmini Devices OS Command Injection Vulnerability — NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVE-2018-15133
11:01 KSA
Laravel Deserialization of Untrusted Data Vulnerability — Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key …
CVE-2018-15811
11:01 KSA
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability — DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
CVE-2018-15961
11:01 KSA
Adobe ColdFusion Unrestricted File Upload Vulnerability — Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
CVE-2018-15982
11:01 KSA
Adobe Flash Player Use-After-Free Vulnerability — Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
CVE-2018-17463
11:01 KSA
Google Chromium V8 Remote Code Execution Vulnerability — Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chro…
CVE-2018-17480
11:01 KSA
Google Chromium V8 Out-of-Bounds Write Vulnerability — Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize C…
CVE-2018-18325
11:01 KSA
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability — DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811…
CVE-2018-18809
11:01 KSA
TIBCO JasperReports Library Directory Traversal Vulnerability — TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.
CVE-2018-19320
11:01 KSA
GIGABYTE Multiple Products Unspecified Vulnerability — The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected …
CVE-2018-19321
11:01 KSA
GIGABYTE Multiple Products Privilege Escalation Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by …
CVE-2018-19322
11:01 KSA
GIGABYTE Multiple Products Code Execution Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of wa…
CVE-2018-19323
11:01 KSA
GIGABYTE Multiple Products Privilege Escalation Vulnerability — The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a l…
CVE-2018-19410
11:01 KSA
Paessler PRTG Network Monitor Local File Inclusion Vulnerability — Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).
CVE-2018-19943
11:01 KSA
QNAP NAS File Station Cross-Site Scripting Vulnerability — A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
CVE-2018-19949
11:01 KSA
QNAP NAS File Station Command Injection Vulnerability — A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.
CVE-2018-19953
11:01 KSA
QNAP NAS File Station Cross-Site Scripting Vulnerability — A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
CVE-2018-20062
11:01 KSA
ThinkPHP "noneCms" Remote Code Execution Vulnerability — ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
CVE-2018-20250
11:01 KSA
WinRAR Absolute Path Traversal Vulnerability — WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
CVE-2025-47392
00:38 KSA
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
CVE-2026-33510
05:32 KSA
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to redirect and router.push. An attacker ca…
CVE-2026-35643
08:18 KSA
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.
CVE-2026-35663
16:36 KSA
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges.
CVE-2026-35666
22:47 KSA
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.
CVE-2026-35669
22:47 KSA
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges…
CVE-2026-5989
01:48 KSA
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and ma…
CVE-2026-5990
01:48 KSA
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The expl…
CVE-2026-5991
01:48 KSA
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made publ…
CVE-2026-5992
03:48 KSA
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publ…
CVE-2026-6012
03:48 KSA
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be …
CVE-2026-6013
07:54 KSA
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from …
CVE-2026-6014
13:55 KSA
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remot…
CVE-2026-6015
20:00 KSA
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch th…
CVE-2026-6016
20:00 KSA
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be init…
CVE-2021-47961
04:18 KSA
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN tr…
CVE-2026-35653
16:36 KSA
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile throug…
CVE-2026-35660
16:36 KSA
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an exp…
CVE-2026-4351
03:48 KSA
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization …
CVE-2024-14032
11:36 KSA
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: me…
CVE-2025-47389
18:37 KSA
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
Memory corruption while preprocessing IOCTL request in JPEG driver.
Memory corruption while processing a frame request from user.
CVE-2026-21371
00:38 KSA
Memory Corruption when retrieving output buffer with insufficient size validation.
CVE-2026-21372
00:38 KSA
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
CVE-2026-35641
08:18 KSA
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package director…
CVE-2026-35668
22:47 KSA
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in n…
CVE-2026-21367
00:38 KSA
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2026-3360
03:48 KSA
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The…
CVE-2026-35650
10:19 KSA
OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through inconsi…
CVE-2026-40073
05:16 KSA
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size lim…
CVE-2026-40074
05:16 KSA
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled T…
CVE-2026-5648
05:32 KSA
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is…
CVE-2026-5663
11:36 KSA
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the at…
CVE-2026-6004
03:48 KSA
A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id results in sql injection. It is possible to initiate the attack remotely. The exploit i…
CVE-2026-6024
20:00 KSA
A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly dis…
CVE-2026-6031
22:16 KSA
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been di…
CVE-2026-6036
22:16 KSA
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. …
CVE-2026-6037
04:18 KSA
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. …
CVE-2026-6038
04:18 KSA
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection. The attack may be performed from remote. Th…
CVE-2026-29002
04:18 KSA
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request bo…
CVE-2026-29047
05:32 KSA
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6.
CVE-2025-47400
00:38 KSA
Cryptographic issue while copying data to a destination buffer without validating its size.
CVE-2026-33704
03:25 KSA
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While …
CVE-2026-4162
04:18 KSA
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscrib…
CVE-2026-21915
06:54 KSA
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root.
The CLI menu accepts input without carefully validating it, …
CVE-2021-47960
19:18 KSA
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with …
CVE-2025-59969
04:48 KSA
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial …
CVE-2026-21919
09:54 KSA
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane.
When NETCONF sessions are quickly …
CVE-2026-33774
20:54 KSA
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the dev…
CVE-2026-33775
23:01 KSA
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
If the authentication packe…
CVE-2026-35621
21:42 KSA
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to …
CVE-2026-35649
23:44 KSA
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing int…
CVE-2026-35652
01:48 KSA
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation co…
CVE-2026-35656
01:48 KSA
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding headers to bypass canvas authentication a…
CVE-2026-35657
01:48 KSA
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulner…
CVE-2026-35658
01:48 KSA
OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools.fs.workspaceOnly restrictions. Attackers can traverse sandbox bridge mounts outside the workspace to read files that other filesystem tools would reject.
CVE-2026-1263
12:36 KSA
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'webling_admin_save_form' and 'webling_admin_save…
CVE-2026-2305
14:54 KSA
The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and `aFhfc_footer_code` post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta value…
CVE-2026-5999
14:54 KSA
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be us…
CVE-2026-6005
17:16 KSA
A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem_id can lead to sql injection. It is possible to launch the attack remotely. The…
An SQL injection vulnerability in a medical records management system allows attackers to execute arbitrary SQL queries via the unprotected ID parameter. Attackers can access, modify, or delete sensitive patient data without authorization.
An SQL injection vulnerability in itsourcecode Construction Management System 1.0 allows attackers to inject malicious SQL commands via the equipname parameter in the /del.php file. The flaw can be exploited remotely without credentials, potentially leading to unauthorized access to or modification of database data.
CVE-2026-6010
17:16 KSA
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploita…
CVE-2026-6030
19:18 KSA
A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been publis…
CVE-2026-6033
19:18 KSA
A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploi…
CVE-2023-54358
04:48 KSA
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile …
CVE-2023-54360
04:48 KSA
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers whe…
CVE-2023-54361
04:48 KSA
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter o…
CVE-2023-54362
04:48 KSA
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the pr…
CVE-2023-54363
04:48 KSA
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemi…
CVE-2023-54364
04:48 KSA
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_op…
CVE-2026-21904
06:54 KSA
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands w…
CVE-2026-35667
05:54 KSA
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the …
CVE-2026-4305
12:36 KSA
The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, and including, 1.0.16 due to insufficient input validation. This makes it possible for unauthenticated …
CVE-2026-35670
05:54 KSA
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect web…
CVE-2026-33773
12:00 KSA
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
When the sa…
CVE-2026-35655
01:48 KSA
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypa…
CVE-2026-6011
19:18 KSA
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack c…
CVE-2026-33776
23:01 KSA
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.
A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will ex…
CVE-2026-2712
12:36 KSA
The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()` function in `includes/class-wp-optimize-heartbeat.php` in all versions up to, and including, 4.5.0. This is due to the Heartbea…
CVE-2026-33119
08:16 KSA
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35620
21:42 KSA
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fa…
CVE-2026-35647
23:44 KSA
OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation…
CVE-2026-35654
01:48 KSA
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback re…
CVE-2026-35661
01:48 KSA
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct …
CVE-2026-35664
03:50 KSA
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper a…
CVE-2026-35665
03:50 KSA
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources b…
CVE-2026-4664
12:36 KSA
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the `create_review_permissions_check()` function comparing the user-supplied `key` parameter against the order's `ivole_s…
CVE-2026-5998
14:54 KSA
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initi…
⚠️ Threat intelligence
31 threats
rss:Mandiant Blog
15:33 KSA
What's New in Google Cloud
This article gives an overview of the latest updates and announcements from Google Cloud. It serves as a general information resource rather than addressing specific threats or vulnerabilities.
rss:Recorded Future
22:48 KSA
Credential Monitoring for High-Value Users
Executives and highly privileged users face an elevated risk of credential theft that standard monitoring systems often fail to detect. Recorded Future's credential monitoring service for high-value users provides…
rss:SecurityWeek
00:04 KSA
Microsoft Discovers Vulnerability Exposing Millions of Android Crypto Wallet Users
Microsoft discovered a vulnerability in the EngageLab software development kit that affects millions of cryptocurrency wallet users on Android. The flaw was reported to the vendor a year ago, raising concerns about…
rss:SecurityWeek
00:04 KSA
Google Rolls Out Cookie Theft Protection in Chrome
Google has introduced Device Bound Session Credentials in Chrome to protect against cookie theft. The new feature cryptographically binds authentication sessions to specific devices, rendering stolen cookies…
rss:SecurityWeek
00:04 KSA
Critical Marimo Vulnerability Exploited Hours After Public Disclosure
A critical unauthenticated vulnerability in Marimo was exploited in real-world attacks within nine hours of its public disclosure. The rapid weaponization demonstrates the immediate threat that publicly disclosed vulnerabilities pose before organizations can…
rss:BleepingComputer
00:03 KSA
New 'Venom' Phishing Attacks Steal Executives' Microsoft Credentials
Cybercriminals are using a new phishing-as-a-service platform called Venom to target executives' Microsoft credentials across sectors. This sophisticated operation poses a threat…
rss:BleepingComputer
00:03 KSA
New 'Lucid Rock' Malware Used in Targeted Attacks on NGOs and Universities
A new Lua-based malware called Lucid Rock has been discovered in targeted phishing campaigns against non-governmental organizations and universities in Taiwan. This…
rss:BleepingComputer
00:03 KSA
Google Launches End-to-End Encryption for Gmail on Mobile
Google has launched end-to-end encryption for Gmail on Android and iOS, letting enterprise users read and write messages securely without additional tools. This security improvement provides stronger protection for enterprise communications…
rss:SecurityWeek
23:01 KSA
MITRE Launches Anti-Fraud Framework
MITRE has launched an anti-fraud framework, a behavior-based model that documents the tactics and techniques used by fraudsters. The framework helps organizations understand and defend against fraud-related cyber threats by providing…
rss:SecurityWeek
23:01 KSA
Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000
Google has released Chrome 147 to fix 60 security vulnerabilities, including two critical flaws in the WebML component reported by anonymous researchers. Organizations should prioritize updating the browser immediately to protect against exploit…
rss:SecurityWeek
23:01 KSA
Orthanc DICOM Vulnerabilities Lead to System Crashes and Remote Code Execution
Critical vulnerabilities have been discovered in the Orthanc DICOM medical imaging software that could allow attackers to execute code remotely, crash systems through denial-of-service attacks, and disclose sensitive information…
rss:Dark Reading
23:01 KSA
Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
Anthropic has released the Mythos Preview AI model, which is capable of autonomously discovering and exploiting critical zero-day vulnerabilities. The vendor has implemented security controls to prevent misuse, which…
rss:Dark Reading
23:01 KSA
Industrial Controllers Remain at Risk as Conflicts Move into Cyberspace
The US government has issued a warning about targeted attacks on programmable logic controllers in industrial environments. Security research identified 179 operational technology devices…
rss:Dark Reading
23:01 KSA
Orange Business Reimagines Enterprise Voice Communications with Trust and AI
Orange Business has announced an enterprise voice communications solution that integrates AI capabilities with a focus on security. The development represents progress in enterprise communications infrastructure, with an emphasis on trust and AI integration…
rss:The Hacker News
23:01 KSA
Marimo RCE Vulnerability CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical remote code execution vulnerability (CVE-2026-39987, score 9.3) in the Marimo Python notebook was exploited within 10 hours of its public disclosure. This pre-authentication flaw allows attackers to execute…
rss:The Hacker News
23:01 KSA
Compromised Smart Slider 3 Pro Update Distributed via Breached Nextend Servers
Unknown attackers compromised Nextend's update servers to distribute a trojanized version of the Smart Slider 3 Pro plugin (version 3.5.1.35) for WordPress and Joomla. This supply chain attack lets the attackers inject malicious code…
rss:The Hacker News
23:01 KSA
Google Launches DBSC in Chrome 146 to Prevent Session Theft on Windows
Google has launched Device Bound Session Credentials (DBSC) for all Windows users on Chrome 146 to prevent session hijacking attacks. This security feature binds user sessions to specific devices, rendering stolen cookies…
rss:BleepingComputer
23:00 KSA
Microsoft: Canadian Employees Targeted in Payroll Hijacking Attacks
Microsoft has identified the group Storm-2755 as a financially motivated threat actor carrying out 'payroll hijacking' attacks against Canadian employees. The attackers compromise employee accounts to redirect and steal salary payments, posing a financial threat…
rss:BleepingComputer
23:00 KSA
CPUID Breached to Distribute Malware via CPU-Z and HWMonitor Downloads
Attackers compromised the CPUID project's API and altered the download links on the official website to distribute malware through the popular system monitoring tools CPU-Z and HWMonitor. This supply chain attack affects…
rss:BleepingComputer
23:00 KSA
Analysis of a Billion CISA KEV Remediation Records Reveals the Limits of Human-Scale Security
Qualys's analysis of a billion CISA KEV remediation records found that most critical vulnerabilities are exploited by attackers before defenders are able to patch them. This reveals fundamental limitations in cybersecurity operations…
rss:Malwarebytes Lab
21:50 KSA
ClickFix Finds a New Way to Infect Macs
ClickFix malware campaigns have evolved to bypass macOS Tahoe security warnings by abusing Script Editor instead of Terminal. The new technique bypasses Apple's built-in protection against executing malicious commands, marking an escalation in…
rss:Malwarebytes Lab
21:50 KSA
Fake Claude Website Installs Malware That Gives Attackers Access to Your Device
A convincing fake website for the Claude AI application has been discovered distributing a trojanized app that covertly installs the PlugX malware. The malicious site looks legitimate and gives attackers remote access to infected devices, posing risks…
rss:SecurityWeek
21:49 KSA
Industry Reactions to Iran's Breach of Industrial Control Systems in Critical Infrastructure
The US government has issued warnings about Iran-linked threat actors manipulating programmable logic controllers and SCADA systems to cause operational disruptions in critical infrastructure.…
rss:SecurityWeek
21:49 KSA
Juniper Networks Releases Patches for Dozens of Junos Vulnerabilities
Juniper Networks has released security updates for dozens of vulnerabilities in the Junos operating system. A critical-severity flaw allows remote attackers to take full control of vulnerable devices without authentication, posing a significant risk to…
rss:SecurityWeek
21:49 KSA
In Other News: Cyberattack Hits Stryker, Windows Zero-Day, Chinese Supercomputer Breached
Several cybersecurity incidents have been reported, including a cyberattack on medical device company Stryker, exploitation of a Windows zero-day, and a breach of Chinese supercomputer systems. …
rss:Dark Reading
21:49 KSA
FINRA Launches Financial Information Fusion Center to Combat Cybersecurity and Fraud Threats
The Financial Industry Regulatory Authority (FINRA) has launched a financial information fusion center to strengthen collaboration and information sharing against cybersecurity and fraud threats targeting the financial sector. The center aims to provide…
rss:Dark Reading
21:49 KSA
The Next Breach Will Look Like Business as Usual
Security teams must fundamentally shift their detection models to identify credential-based attacks that blend in with normal business operations. Traditional security tools struggle to detect these attacks because the attacker uses…
rss:Dark Reading
21:49 KSA
Hims Breach Exposes the Most Sensitive Kinds of Health Information
Attackers breached telehealth provider Hims, exposing highly sensitive personal health information, including medical conditions related to hair loss, weight, and sexual health. The breach raises concerns about potential extortion…
rss:The Hacker News
21:48 KSA
Browser Extensions Are the New AI Consumption Channel Nobody Is Talking About
A LayerX report found that AI-powered browser extensions represent a critical security blind spot in enterprise AI security strategies. While companies focus on shadow AI…
rss:The Hacker News
21:48 KSA
GlassWorm Campaign Uses a Zig Dropper to Infect Multiple Development Environments
The GlassWorm campaign has evolved to use a new Zig-based dropper that targets and infects every integrated development environment on developers' machines via malicious Open VSX extensions. This supply chain attack targets developers…
rss:BleepingComputer
21:48 KSA
Nearly 4,000 US Industrial Devices Exposed to Iranian Cyberattacks
Iran-linked hackers are targeting US critical infrastructure, with nearly 4,000 internet-exposed Rockwell Automation programmable logic controllers vulnerable to attack. This represents a significant threat to…
📰 Cybersecurity news
0 articles
No aggregated news yet today
This bulletin is updated automatically every day; last update: 10 Apr 2026