NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-49081 | Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions. | 8.2 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49080 | Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions. | 9.3 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49079 | Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | 9.3 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49076 | Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | 9.3 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49075 | Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49073 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49058 | Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. | 9.8 | 0.33% | 2026-06-17 | 2026-06-17 |
| CVE-2026-48967 | Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions. | 8.5 | 0.33% | 2026-06-17 | 2026-06-17 |
| CVE-2026-48875 | Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-42629 | Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. | 8.8 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-42380 | Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions. | 9.8 | 0.51% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40783 | Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | 9.9 | 0.54% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40761 | Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40760 | Unauthenticated PHP Object Injection in Behold <= 1.5 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40759 | Unauthenticated PHP Object Injection in Esmée <= 1.4 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40758 | Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40755 | Unauthenticated PHP Object Injection in TechLink <= 1.3 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40754 | Unauthenticated PHP Object Injection in Roisin <= 1.4 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40753 | Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions. | 8.1 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40751 | Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |