CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 101120 / 16964
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2022-25610 Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. 3.4 0.69% 2022-03-25 2026-06-17
CVE-2022-25611 Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. 4.1 0.55% 2022-03-25 2026-06-17
CVE-2022-25612 Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. 4.1 0.55% 2022-03-25 2026-06-17
CVE-2022-25613 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. 4.1 0.54% 2022-04-04 2026-06-17
CVE-2022-25614 Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. 4.3 0.42% 2022-04-11 2026-06-17
CVE-2022-25615 Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. 4.3 0.42% 2022-04-11 2026-06-17
CVE-2022-25617 Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. 4.7 0.76% 2022-05-18 2026-06-17
CVE-2022-25618 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 3.4 0.53% 2022-04-04 2026-06-17
CVE-2022-25649 Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. 5.0 0.69% 2022-08-05 2026-06-17
CVE-2022-25952 Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. 4.3 0.28% 2022-11-03 2026-06-17
CVE-2022-26366 Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress. 5.4 0.26% 2022-11-30 2026-06-17
CVE-2022-26375 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress. 4.8 0.40% 2022-10-17 2026-06-17
CVE-2022-27235 Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. 6.3 0.69% 2022-07-22 2026-06-17
CVE-2022-27628 Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions. 4.7 0.23% 2023-02-06 2026-06-17
CVE-2022-27844 Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 2.7 1.42% 2022-04-11 2026-06-17
CVE-2022-27845 Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 4.8 0.81% 2022-04-11 2026-06-17
CVE-2022-27846 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. 4.3 0.40% 2022-04-13 2026-06-17
CVE-2022-27847 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. 4.3 0.40% 2022-04-13 2026-06-17
CVE-2022-27848 Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 3.4 0.53% 2022-04-14 2026-06-17
CVE-2022-27849 Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 5.3 4.62% 2022-04-15 2026-06-17
cvelogic Threat Intelligence