Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-27436 | Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions. | 9.1 | 0.40% | 2026-07-02 | 2026-07-02 |
| CVE-2026-27414 | Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions. | 8.8 | 0.29% | 2026-07-02 | 2026-07-02 |
| CVE-2025-69156 | Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions. | 7.1 | 0.18% | 2026-07-02 | 2026-07-02 |
| CVE-2025-69133 | Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions. | 7.5 | 0.40% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57764 | Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions. | 6.5 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57757 | Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions. | 7.1 | 0.12% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57751 | Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. | 8.1 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57731 | Contributor Broken Access Control in Flatsome <= 3.20.5 versions. | 6.5 | 0.21% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57722 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1. | 5.9 | 0.15% | 2026-07-01 | 2026-07-02 |
| CVE-2026-57686 | Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57680 | Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions. | 6.5 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57672 | Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57623 | Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions. | 9.0 | 0.33% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57360 | Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57355 | Subscriber Broken Access Control in Classified Listing <= 5.4.2 versions. | 6.5 | 0.30% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57354 | Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions. | 6.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57349 | Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57348 | Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions. | 7.2 | 0.20% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57342 | Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions. | 6.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-49779 | Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions. | 6.5 | 0.34% | 2026-07-02 | 2026-07-02 |