Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-40750 | Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9. | 9.9 | 0.27% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52715 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | 9.3 | 0.25% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49774 | Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. | 9.9 | 0.41% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49772 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | 9.3 | 0.24% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39574 | Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. | 9.3 | 0.23% | 2026-06-16 | 2026-06-16 |
| CVE-2026-9691 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52703 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | 9.6 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52693 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49781 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49776 | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49770 | Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49769 | Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49768 | Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. | 9.8 | 0.55% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49766 | Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | 9.9 | 0.51% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49765 | Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49764 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | 9.8 | 0.40% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49763 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49109 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49106 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49105 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |