NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-57331 | Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions. | 9.9 | 0.34% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57330 | Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions. | 6.5 | 0.17% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57329 | Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions. | 6.5 | 0.21% | 2026-06-29 | 2026-07-01 |
| CVE-2026-57328 | Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | 6.5 | 0.21% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57327 | Subscriber Broken Access Control in MainWP <= 6.1.1 versions. | 6.3 | 0.25% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57326 | Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions. | 6.1 | 0.18% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57320 | Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions. | 7.1 | 0.18% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57346 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3. | 7.1 | 0.27% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57676 | Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9. | 4.3 | 0.18% | 2026-06-29 | 2026-07-08 |
| CVE-2026-57667 | Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57665 | Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | 5.3 | 0.19% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57664 | Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | 4.3 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57663 | Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57662 | Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57661 | Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. | 5.4 | 0.22% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57660 | Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions. | 5.3 | 0.18% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57659 | Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | 8.8 | 0.13% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57658 | Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. | 9.1 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57657 | Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | 4.3 | 0.10% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57656 | Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | 5.9 | 0.14% | 2026-06-26 | 2026-06-26 |