CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 101120 of 7201 results
«« First « Prev Page 6 / 361 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-54842 Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. 8.1 0.19% 2026-06-25 2026-06-25
CVE-2026-54841 Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. 7.5 0.29% 2026-06-25 2026-06-25
CVE-2026-54838 Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. 8.5 0.27% 2026-06-25 2026-06-25
CVE-2026-54836 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. 9.3 0.23% 2026-06-25 2026-06-25
CVE-2026-54830 Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. 7.5 0.24% 2026-06-25 2026-06-29
CVE-2026-54829 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005. 7.5 0.19% 2026-06-25 2026-06-25
CVE-2026-54828 Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. 7.5 0.24% 2026-06-25 2026-06-25
CVE-2026-54823 Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. 9.9 0.43% 2026-06-25 2026-06-25
CVE-2026-54822 Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. 8.5 0.27% 2026-06-25 2026-06-25
CVE-2026-54821 Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. 7.4 0.26% 2026-06-25 2026-06-25
CVE-2026-27366 Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions. 7.5 0.22% 2026-06-25 2026-06-29
CVE-2026-56052 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5. 7.6 0.23% 2026-06-24 2026-06-25
CVE-2026-56012 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. 8.5 0.21% 2026-06-18 2026-06-18
CVE-2026-54812 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. 9.3 0.29% 2026-06-17 2026-06-17
CVE-2026-54810 Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1. 7.5 0.24% 2026-06-17 2026-06-17
CVE-2026-54819 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. 9.3 0.24% 2026-06-17 2026-06-17
CVE-2026-54818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. 8.5 0.21% 2026-06-17 2026-06-17
CVE-2026-54816 Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21. 7.5 0.29% 2026-06-17 2026-06-17
CVE-2026-54815 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. 9.3 0.24% 2026-06-17 2026-06-17
CVE-2026-54814 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. 8.1 0.34% 2026-06-17 2026-06-17
«« First « Prev Page 6 / 361 Next »
cvelogic Threat Intelligence