Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57682 | Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57681 | Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions. | 6.4 | 0.23% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57680 | Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions. | 6.5 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57679 | Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions. | 9.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57678 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16. | 7.1 | 0.15% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57677 | Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions. | 9.8 | 0.34% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57676 | Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9. | 4.3 | 0.18% | 2026-06-29 | 2026-07-08 |
| CVE-2026-57675 | Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57674 | Unauthenticated Cross Site Scripting (XSS) in Timetics <= 1.0.58 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57673 | Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57672 | Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57671 | Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.4 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57670 | Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57669 | Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions. | 6.5 | 0.34% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57668 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.2.2. | 7.1 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57667 | Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57665 | Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | 5.3 | 0.19% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57664 | Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | 4.3 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57663 | Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57662 | Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |