CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 141160 of 17114 results
«« First « Prev Page 8 / 856 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-57682 Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions. 7.1 0.19% 2026-07-02 2026-07-02
CVE-2026-57681 Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions. 6.4 0.23% 2026-07-02 2026-07-02
CVE-2026-57680 Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions. 6.5 0.25% 2026-07-02 2026-07-02
CVE-2026-57679 Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions. 9.3 0.25% 2026-07-02 2026-07-02
CVE-2026-57678 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16. 7.1 0.15% 2026-07-02 2026-07-02
CVE-2026-57677 Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions. 9.8 0.34% 2026-07-02 2026-07-02
CVE-2026-57676 Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9. 4.3 0.18% 2026-06-29 2026-07-08
CVE-2026-57675 Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions. 7.1 0.19% 2026-07-02 2026-07-02
CVE-2026-57674 Unauthenticated Cross Site Scripting (XSS) in Timetics <= 1.0.58 versions. 7.1 0.19% 2026-07-02 2026-07-02
CVE-2026-57673 Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions. 7.1 0.19% 2026-07-02 2026-07-02
CVE-2026-57672 Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions. 7.1 0.19% 2026-07-02 2026-07-02
CVE-2026-57671 Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.4 versions. 7.1 0.19% 2026-07-02 2026-07-02
CVE-2026-57670 Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions. 7.1 0.19% 2026-07-02 2026-07-02
CVE-2026-57669 Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions. 6.5 0.34% 2026-07-02 2026-07-02
CVE-2026-57668 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.2.2. 7.1 0.25% 2026-07-13 2026-07-13
CVE-2026-57667 Sales Representative SQL Injection in Groundhogg <= 4.5 versions. 8.5 0.21% 2026-06-26 2026-06-29
CVE-2026-57665 Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. 5.3 0.19% 2026-06-26 2026-06-26
CVE-2026-57664 Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. 4.3 0.18% 2026-06-26 2026-06-26
CVE-2026-57663 Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. 8.5 0.21% 2026-06-26 2026-06-26
CVE-2026-57662 Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. 8.5 0.21% 2026-06-26 2026-06-26
«« First « Prev Page 8 / 856 Next »
cvelogic Threat Intelligence