CVE List - High-Risk and Exploitation-Confirmed Vulnerabilities

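This list consolidates NVD, CVE, and several other threat feeds so that high-risk events such as RCE can be tracked in depth. It combines CVSS and EPSS, and tracks ease of exploitation from exploit references and the availability of PoCs. Together with the context of vendor fixes and mitigations, it helps set priorities, keep the response cycle short, and protect critical assets.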

Assigner (CNA/issuer): [email protected]

CVSS score
Showing 101-120 / 16855
| CVE | Description | CVSS max | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-30911 | Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection. This issue affects RTMKit: from n/a through <= 1.5.4. | 9.9 | 1.73% | 2025-04-01 | 2026-06-17 |
| CVE-2025-32614 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion. This issue affects EventON: from n/a through <= 2.4. | 8.8 | 1.73% | 2025-04-11 | 2026-06-17 |
| CVE-2024-32128 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. | 9.3 | 1.72% | 2024-04-15 | 2026-06-17 |
| CVE-2024-47308 | Missing Authorization vulnerability in WPDeveloper Templately templately. This issue affects Templately: from n/a through <= 3.1.2. | 6.5 | 1.70% | 2024-11-01 | 2026-06-17 |
| CVE-2023-23897 | Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions. | 4.3 | 1.67% | 2023-07-10 | 2026-06-17 |
| CVE-2026-34885 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.34. | 8.5 | 1.67% | 2026-04-06 | 2026-06-17 |
| CVE-2024-55982 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection. This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2. | 9.3 | 1.67% | 2024-12-16 | 2026-06-17 |
| CVE-2024-56059 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection. This issue affects Partners: from n/a through <= 0.2.0. | 9.8 | 1.66% | 2024-12-18 | 2026-06-17 |
| CVE-2024-56058 | Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection. This issue affects VRPConnector: from n/a through <= 2.0.1. | 9.8 | 1.66% | 2024-12-18 | 2026-06-17 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 1.66% | 2026-06-05 | 2026-06-17 |
| CVE-2023-32590 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category. This issue affects Subscribe to Category: from n/a through 2.7.4. | 9.3 | 1.65% | 2023-12-20 | 2026-06-17 |
| CVE-2022-27862 | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | 9.8 | 1.64% | 2022-04-19 | 2026-06-17 |
| CVE-2024-31351 | Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | 10.0 | 1.62% | 2024-05-17 | 2026-06-17 |
| CVE-2024-27972 | Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite. This issue affects WP Fusion Lite: from n/a through <= 3.41.24. | 9.9 | 1.61% | 2024-04-03 | 2026-06-17 |
| CVE-2025-69411 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal. This issue affects ionCube tester plus: from n/a through <= 1.3. | 7.5 | 1.61% | 2026-03-05 | 2026-06-17 |
| CVE-2024-52380 | Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server. This issue affects Picsmize: from n/a through <= 1.0.0. | 10.0 | 1.54% | 2024-11-14 | 2026-06-17 |
| CVE-2024-30464 | Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15. | 5.4 | 1.52% | 2024-06-09 | 2026-06-17 |
| CVE-2024-54369 | Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Zita Site Builder: from n/a through <= 1.0.2. | 9.1 | 1.50% | 2024-12-16 | 2026-06-17 |
| CVE-2024-43918 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through 1.9.4. | 10.0 | 1.49% | 2024-08-29 | 2026-06-17 |
| CVE-2024-49328 | Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass. This issue affects WP REST API FNS: from n/a through <= 1.0.0. | 9.8 | 1.46% | 2024-10-20 | 2026-06-17 |
cvelogic Threat Intelligence