NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-54803 | Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54802 | Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | 7.5 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54195 | Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions. | 7.1 | 0.15% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54194 | Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54192 | Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions. | 7.1 | 0.19% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54189 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | 7.1 | 0.15% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54188 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | 7.1 | 0.15% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54187 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54186 | Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | 9.3 | 0.30% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54185 | Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | 8.5 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54184 | Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | 8.2 | 0.26% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52706 | Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52705 | Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | 9.0 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52698 | Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions. | 7.4 | 0.22% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52696 | Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions. | 7.5 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49778 | Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | 7.1 | 0.19% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49767 | Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions. | 9.8 | 0.55% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49113 | Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions. | 8.5 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49107 | Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49084 | Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |