CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 121140 / 229
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-25600 Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. 10.0 88.23% 2024-06-04 2026-06-17
CVE-2024-34370 Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. 7.2 1.09% 2024-05-17 2026-06-17
CVE-2024-33644 Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. 9.9 1.11% 2024-05-17 2026-06-17
CVE-2024-32523 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6. 8.1 1.75% 2024-05-17 2026-06-17
CVE-2024-27971 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10. 8.3 1.46% 2024-05-17 2026-06-17
CVE-2024-27954 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. 9.3 72.95% 2024-05-17 2026-06-17
CVE-2024-24882 Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. 9.8 2.11% 2024-05-17 2026-06-17
CVE-2024-22145 Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. 8.8 1.11% 2024-05-17 2026-06-17
CVE-2023-46197 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19. 5.3 1.27% 2024-05-17 2026-06-17
CVE-2024-31351 Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. 10.0 1.62% 2024-05-17 2026-06-17
CVE-2023-41954 Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1. 8.6 1.40% 2024-05-17 2026-06-17
CVE-2023-37999 Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0. 9.8 3.04% 2024-05-17 2026-06-17
CVE-2023-26540 Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. 9.8 2.73% 2024-05-17 2026-06-17
CVE-2023-26009 Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. 9.8 2.73% 2024-05-17 2026-06-17
CVE-2024-34555 Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3. 10.0 1.22% 2024-05-14 2026-06-17
CVE-2024-32700 Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. 10.0 2.58% 2024-05-14 2026-06-17
CVE-2024-33911 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. 7.6 1.09% 2024-05-02 2026-06-17
CVE-2024-33575 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0. 5.3 1.12% 2024-04-29 2026-06-17
CVE-2024-33566 Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. 10.0 1.07% 2024-04-29 2026-06-17
CVE-2024-33559 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. 9.3 3.55% 2024-04-29 2026-06-17
cvelogic Threat Intelligence