Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57651 | Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | 6.5 | 0.13% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57650 | Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions. | 6.5 | 0.13% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57649 | Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. | 4.3 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57648 | Contributor Broken Access Control in Nelio Content <= 4.3.4 versions. | 4.3 | 0.15% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57647 | Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | 7.5 | 0.26% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57646 | Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. | 5.4 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57645 | newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | 8.1 | 0.19% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57644 | Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57643 | Contributor SQL Injection in WP Post Author <= 3.9.1 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57642 | Contributor SQL Injection in Gallery <= 4.7.8 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57641 | Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. | 6.5 | 0.13% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57640 | Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. | 4.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57638 | Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | 6.5 | 0.16% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57637 | Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions. | 4.3 | 0.11% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57636 | Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57635 | Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions. | 6.5 | 0.12% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57634 | Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions. | 4.3 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57633 | Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. | 5.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57632 | Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. | 5.4 | 0.27% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57631 | Administrator SQL Injection in Popup box <= 6.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |