🛡️ CVE Vulnerability Database

CVE vulnerabilities with bilingual AI analysis tailored for Saudi Arabia

CVE ID	Title / Description	Severity	CVSS	Status	Published
CVE-2026-22197	GestSup SQL Injection Vulnerabilities in Asset List Functionality… GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list fu…	HIGH	8.1	✅ AI	Jan 9, 2026
CVE-2026-22196	SQL Injection Vulnerability in GestSup Ticket Creation (CVE-2026-… GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functional…	HIGH	8.1	✅ AI	Jan 9, 2026
CVE-2026-22195	SQL Injection Vulnerability in GestSup Search Functionality (CVE-… GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionali…	HIGH	8.1	✅ AI	Jan 9, 2026
CVE-2026-22194	GestSup CSRF Vulnerability Enables Unauthorized Privileged Accoun… GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerabilit…	HIGH	8.8	✅ AI	Jan 9, 2026
CVE-2026-20976	Samsung Galaxy Store Arbitrary Script Execution via Input Validat… Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute a…	HIGH	7.8	✅ AI	Jan 9, 2026
CVE-2026-20971	Samsung Android PROCA Driver Use-After-Free Vulnerability Enables… Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially…	HIGH	7.8	✅ AI	Jan 9, 2026
CVE-2026-20970	Samsung SLocation Privilege Escalation Vulnerability (CVE-2026-20… Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execu…	HIGH	7.8	✅ AI	Jan 9, 2026
CVE-2025-66052	Vivotek IP7137 Camera Command Injection Vulnerability (CVE-2025-6… Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "sys…	HIGH	7.2	✅ AI	Jan 9, 2026
CVE-2025-66049	Vivotek IP7137 Camera RTSP Authentication Bypass Vulnerability Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue w…	HIGH	7.5	✅ AI	Jan 9, 2026
CVE-2025-64091	Zenitel TCIS-3 NTP Configuration Command Injection Vulnerability … This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of t…	HIGH	8.6	✅ AI	Jan 9, 2026
CVE-2025-15057	SlimStat Analytics WordPress Plugin Stored XSS via Fingerprint Pa… The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh…	HIGH	7.2	✅ AI	Jan 9, 2026
CVE-2025-15055	SlimStat Analytics WordPress Plugin Stored XSS Vulnerability (CVE… The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no…	HIGH	7.2	✅ AI	Jan 9, 2026
CVE-2025-14937	Stored XSS Vulnerability in Frontend Admin WordPress Plugin (CVE-… The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting v…	HIGH	7.2	✅ AI	Jan 9, 2026
CVE-2025-14657	Eventin WordPress Plugin Unauthenticated Settings Modification an… The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress i…	HIGH	7.2	✅ AI	Jan 9, 2026
CVE-2026-22245	Mastodon SSRF Vulnerability Allows Access to Internal Network Res… Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon perf…	HIGH	7.5	✅ AI	Jan 8, 2026
CVE-2026-22244	OpenMetadata Server-Side Template Injection Enables Remote Code E… OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code …	HIGH	7.2	⚡ ✅ AI	Jan 8, 2026
CVE-2026-22241	Critical File Upload Vulnerability in Open eClass Platform Enable… The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Pr…	HIGH	7.2	⚡ ✅ AI	Jan 8, 2026
CVE-2026-22042	RustFS IAM Permission Validation Bypass Enables Privilege Escalat… RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, he `Im…	HIGH	8.8	⚡ ✅ AI	Jan 8, 2026
CVE-2026-22035	Greenshot OS Command Injection via Unsanitized Filename Processin… Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to O…	HIGH	7.7	⚡ ✅ AI	Jan 8, 2026
CVE-2025-68151	CoreDNS Resource Exhaustion Vulnerability in gRPC, HTTPS, and HTT… CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implem…	HIGH	7.5	✅ AI	Jan 8, 2026
CVE-2019-25291	INIM SmartLiving Hard-Coded Credentials Vulnerability (CVE-2019-2… INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distri…	HIGH	7.5	✅ AI	Jan 8, 2026
CVE-2019-25289	SmartLiving SmartLAN Authenticated Remote Command Injection Vulne… SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the w…	HIGH	8.8	✅ AI	Jan 8, 2026
CVE-2019-25279	FaceSentry Access Control System Cleartext Password Storage Vulne… FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allo…	HIGH	7.5	⚡ ✅ AI	Jan 8, 2026
CVE-2019-25231	Devolo dLAN Cockpit Unquoted Service Path Privilege Escalation Vu… devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkServi…	HIGH	8.4	✅ AI	Jan 8, 2026
CVE-2026-22190	Panda3D egg-mkfont Uncontrolled Format String Vulnerability (CVE-… Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulne…	HIGH	7.5	⚡ ✅ AI	Jan 7, 2026

← 1 2 3 4 →

🤖 AI Analysis Active

AI analysis includes: Arabic description, Saudi impact assessment, remediation steps, compliance mapping (NCA ECC, SAMA CSF, ISO 27001) and MITRE ATT&CK techniques.

1,706 CVEs analyzed

🔴 Recent Critical CVEs

9.8

9.8

9.8