NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-9691 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-56012 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. | 8.5 | 該当なし | 2026-06-18 | 2026-06-18 |
| CVE-2026-54819 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54815 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54814 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54813 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54812 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54811 | Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54809 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | 9.3 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54807 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54806 | Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54805 | Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. | 8.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54803 | Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54194 | Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54187 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54186 | Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | 9.3 | 0.30% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54185 | Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | 8.5 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54184 | Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | 8.2 | 0.26% | 2026-06-17 | 2026-06-17 |