Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-52699 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52697 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52695 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | 7.5 | 0.25% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52694 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52693 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52692 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49781 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49780 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. | 8.8 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49776 | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49775 | Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | 6.5 | 0.19% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49773 | Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | 6.5 | 0.17% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49770 | Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49769 | Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49768 | Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. | 9.8 | 0.55% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49766 | Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | 9.9 | 0.51% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49765 | Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49764 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | 9.8 | 0.40% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49763 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49112 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. | 7.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49110 | Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |