NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-39529 | Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39438 | Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-27429 | Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2026-27395 | Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. | 9.8 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-27041 | Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. | 9.9 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-25470 | Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47. | 10.0 | 0.41% | 2026-06-17 | 2026-06-17 |
| CVE-2026-25446 | Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-24611 | Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions. | 9.1 | 0.44% | 2026-06-17 | 2026-06-17 |
| CVE-2026-22340 | Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-22332 | Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. | 9.3 | 0.28% | 2026-06-17 | 2026-06-17 |
| CVE-2026-22327 | Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions. | 9.9 | 0.46% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69179 | Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69129 | Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | 10.0 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69122 | Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69108 | Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60218 | Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions. | 9.9 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60205 | Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2024-52488 | Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions. | 9.9 | 0.47% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40750 | Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9. | 9.9 | 0.27% | 2026-06-16 | 2026-06-17 |
| CVE-2026-52715 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | 9.3 | 0.25% | 2026-06-16 | 2026-06-17 |