Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-52705 | Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | 9.0 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-32519 | Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2. | 9.0 | 0.34% | 2026-03-25 | 2026-06-17 |
| CVE-2026-27984 | Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through <= 4.1.3. | 9.0 | 0.27% | 2026-03-05 | 2026-06-17 |
| CVE-2026-27540 | Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1. | 9.0 | 0.47% | 2026-03-19 | 2026-06-17 |
| CVE-2026-27384 | Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1. | 9.0 | 0.30% | 2026-03-05 | 2026-06-17 |
| CVE-2025-68015 | Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.5. | 9.0 | 0.32% | 2026-01-22 | 2026-06-17 |
| CVE-2025-66074 | Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8. | 9.0 | 0.24% | 2025-12-18 | 2026-06-17 |
| CVE-2025-62023 | Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905. | 9.0 | 0.38% | 2025-10-22 | 2026-06-17 |
| CVE-2025-54693 | Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server.This issue affects Form Block: from n/a through <= 1.5.5. | 9.0 | 0.31% | 2025-08-14 | 2026-06-17 |
| CVE-2025-47586 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through <= 1.4.7. | 9.0 | 0.55% | 2025-06-06 | 2026-06-17 |
| CVE-2025-47579 | Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2. | 9.0 | 0.30% | 2025-09-09 | 2026-06-17 |
| CVE-2025-31916 | Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a. | 9.0 | 0.37% | 2025-05-23 | 2026-06-17 |
| CVE-2025-26916 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynamic.This issue affects Massive Dynamic: from n/a through <= 8.2. | 9.0 | 0.59% | 2025-03-10 | 2026-06-17 |
| CVE-2025-26873 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. | 9.0 | 0.37% | 2025-03-27 | 2026-06-17 |
| CVE-2025-23921 | Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3. | 9.0 | 0.49% | 2025-01-22 | 2026-06-17 |
| CVE-2025-22699 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through < 3.1.2. | 9.0 | 0.35% | 2025-02-04 | 2026-06-17 |
| CVE-2024-51919 | Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. | 9.0 | 0.50% | 2025-01-21 | 2026-06-17 |
| CVE-2024-51815 | Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through <= 241114. | 9.0 | 0.45% | 2024-12-06 | 2026-06-17 |
| CVE-2024-43252 | Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management.This issue affects Crew HRM: from n/a through <= 1.1.1. | 9.0 | 0.44% | 2024-08-19 | 2026-06-17 |
| CVE-2024-43242 | Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7. | 9.0 | 0.54% | 2024-08-19 | 2026-06-17 |