NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-52692 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49782 | Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0. | 5.4 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2026-49781 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49780 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. | 8.8 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 1.24% | 2026-06-05 | 2026-06-08 |
| CVE-2026-49776 | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49775 | Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | 6.5 | 0.19% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49774 | Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. | 9.9 | 0.41% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49773 | Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | 6.5 | 0.17% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49772 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | 9.3 | 0.24% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49771 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41. | 7.6 | 0.23% | 2026-06-04 | 2026-06-04 |
| CVE-2026-49770 | Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49769 | Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49768 | Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. | 9.8 | 0.55% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49766 | Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | 9.9 | 0.51% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49765 | Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49764 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | 9.8 | 0.40% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49763 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49112 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. | 7.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49111 | Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0. | 8.8 | 0.24% | 2026-06-15 | 2026-06-15 |