CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 121140 / 1195
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-39519 Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. 9.3 0.28% 2026-06-15 2026-06-17
CVE-2026-39512 Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. 9.3 0.28% 2026-06-15 2026-06-17
CVE-2026-39511 Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions. 9.3 0.29% 2026-06-15 2026-06-17
CVE-2026-39502 Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. 9.3 0.28% 2026-06-15 2026-06-17
CVE-2026-39493 Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions. 9.3 0.36% 2026-06-15 2026-06-17
CVE-2026-39492 Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions. 9.3 0.36% 2026-06-15 2026-06-17
CVE-2026-39465 Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions. 9.1 0.68% 2026-06-15 2026-06-17
CVE-2026-39441 Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions. 9.3 0.28% 2026-06-15 2026-06-17
CVE-2026-34901 Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. 9.8 0.32% 2026-06-15 2026-06-17
CVE-2026-27053 Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. 9.8 0.39% 2026-06-15 2026-06-17
CVE-2026-52704 Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8. 10.0 0.31% 2026-06-15 2026-06-17
CVE-2026-49060 Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. 9.8 0.46% 2026-06-11 2026-06-17
CVE-2026-42647 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7. 9.3 1.30% 2026-06-11 2026-06-17
CVE-2026-39494 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2. 9.3 0.39% 2026-06-11 2026-06-17
CVE-2026-49777 Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. 10.0 1.66% 2026-06-05 2026-06-17
CVE-2026-42684 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. 9.3 0.29% 2026-06-02 2026-06-17
CVE-2025-53209 Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. 9.8 0.27% 2026-06-02 2026-06-17
CVE-2026-42672 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1. 9.3 0.24% 2026-06-01 2026-06-17
CVE-2026-48879 Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17. 9.8 0.34% 2026-06-01 2026-06-17
CVE-2026-48866 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1. 9.6 0.50% 2026-06-01 2026-06-17
cvelogic Threat Intelligence