NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-57780 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through <= 0.22. | 6.5 | 0.22% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57779 | Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5. | 5.3 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57776 | Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7. | 5.3 | 0.41% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57774 | Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through <= 1.1.0. | 5.3 | 0.41% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through <= 4.0. | 7.6 | 0.37% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57772 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through <= 2.4.0. | 8.5 | 0.36% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57771 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through <= 3.7. | 8.5 | 0.36% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57768 | Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through <= 3.3.3. | 8.2 | 0.32% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57745 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. | 7.1 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57744 | Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. | 9.8 | 0.56% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57743 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. | 8.1 | 0.56% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57741 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0. | 7.1 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57739 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0. | 9.3 | 0.40% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57738 | Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0. | 9.8 | 0.56% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57734 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3. | 7.1 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57733 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through <= 3.9.4. | 7.1 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57732 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.4. | 7.1 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57727 | Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13. | 7.5 | 0.39% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57726 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.12. | 9.3 | 0.40% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57725 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11. | 7.1 | 0.25% | 2026-07-13 | 2026-07-13 |