NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-40750 | Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9. | 9.9 | 該当なし | 2026-06-16 | 2026-06-16 |
| CVE-2026-54198 | Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | 7.1 | 0.25% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54197 | Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. | 6.5 | 0.35% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54191 | Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | 7.1 | 0.25% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54190 | Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | 6.5 | 0.33% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52715 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | 9.3 | 0.40% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52714 | Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | 5.9 | 0.29% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52712 | Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. | 7.6 | 0.31% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52711 | Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | 7.5 | 0.39% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49774 | Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. | 9.9 | 0.41% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49772 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | 9.3 | 0.40% | 2026-06-16 | 2026-06-16 |
| CVE-2026-40809 | Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. | 6.5 | 0.33% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39581 | Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions. | 8.5 | 0.36% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39574 | Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. | 9.3 | 0.40% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39490 | Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions. | 7.5 | 0.39% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39437 | Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions. | 7.1 | 0.25% | 2026-06-16 | 2026-06-16 |
| CVE-2025-68045 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. | 7.5 | 0.39% | 2026-06-16 | 2026-06-16 |
| CVE-2026-9691 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52703 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | 9.6 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52702 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | 7.1 | 0.15% | 2026-06-15 | 2026-06-15 |