CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 27 results
«« First « Prev Page 1 / 2 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-23550 Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. 9.8 20.63% 2026-01-14 2026-06-17
CVE-2025-49388 Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. 9.8 5.03% 2025-08-28 2026-06-17
CVE-2025-48148 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. 10.0 14.92% 2025-08-20 2026-06-17
CVE-2025-47646 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. 9.8 21.91% 2025-05-23 2026-06-17
CVE-2025-47539 Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. 9.8 30.92% 2025-05-23 2026-06-17
CVE-2025-47577 Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. 10.0 5.13% 2025-05-19 2026-06-17
CVE-2025-27007 Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. 9.8 50.88% 2025-05-01 2026-06-17
CVE-2025-32583 Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. 9.9 13.26% 2025-04-17 2026-06-17
CVE-2024-51818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. 9.3 16.26% 2025-01-21 2026-06-17
CVE-2024-56064 Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. 10.0 14.49% 2024-12-31 2026-06-17
CVE-2023-32117 Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99. 9.8 6.40% 2024-12-09 2026-06-17
CVE-2024-50498 Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0. 10.0 53.64% 2024-10-28 2026-06-17
CVE-2024-50477 Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3. 9.8 7.96% 2024-10-28 2026-06-17
CVE-2024-44000 Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. 9.8 83.18% 2024-10-20 2026-06-17
CVE-2024-43917 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. 9.3 21.77% 2024-08-29 2026-06-17
CVE-2024-28000 Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. 9.8 68.27% 2024-08-21 2026-06-17
CVE-2024-25600 Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. 10.0 88.23% 2024-06-04 2026-06-17
CVE-2024-27954 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. 9.3 72.95% 2024-05-17 2026-06-17
CVE-2024-32709 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. 9.3 5.85% 2024-04-24 2026-06-17
CVE-2023-40000 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7. 8.3 54.87% 2024-04-16 2026-06-17
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence