NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-54812 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54809 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54806 | Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52706 | Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52705 | Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | 9.0 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49107 | Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49084 | Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49076 | Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | 9.3 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40748 | Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40746 | Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40725 | Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-25446 | Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-24611 | Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions. | 9.1 | 0.44% | 2026-06-17 | 2026-06-17 |
| CVE-2026-22332 | Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. | 9.3 | 0.28% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69179 | Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69127 | Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60230 | Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. | 9.8 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2025-59554 | Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | 9.3 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54819 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54815 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |