NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-49763 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49109 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49106 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49105 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49104 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49085 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49067 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49065 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | 8.2 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48970 | Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | 8.1 | 0.32% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48964 | Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | 8.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48889 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. | 8.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48886 | Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48882 | Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. | 8.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48881 | Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | 9.1 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48874 | Subscriber SQL Injection in GamiPress <= 7.8.7 versions. | 8.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48836 | Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions. | 10.0 | 0.57% | 2026-06-15 | 2026-06-15 |
| CVE-2026-45439 | Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42687 | Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. | 8.1 | 0.32% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42665 | Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42664 | Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | 8.2 | 0.25% | 2026-06-15 | 2026-06-15 |