NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-54185 | Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | 8.5 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54184 | Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | 8.2 | 0.26% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52716 | Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions. | 6.5 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52715 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | 9.3 | 0.25% | 2026-06-16 | 2026-06-17 |
| CVE-2026-52714 | Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | 5.9 | 0.18% | 2026-06-16 | 2026-06-17 |
| CVE-2026-52712 | Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. | 7.6 | 0.24% | 2026-06-16 | 2026-06-17 |
| CVE-2026-52711 | Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | 7.5 | 0.23% | 2026-06-16 | 2026-06-17 |
| CVE-2026-52707 | Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | 8.1 | 0.44% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52706 | Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52705 | Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | 9.0 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52704 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8. | 10.0 | 0.31% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52703 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | 9.6 | 0.34% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52702 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | 7.1 | 0.15% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52700 | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52699 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52698 | Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions. | 7.4 | 0.22% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52697 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52696 | Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions. | 7.5 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52695 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52694 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-17 |