Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-49107 | Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49084 | Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49081 | Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions. | 8.2 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49080 | Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions. | 9.3 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49079 | Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | 9.3 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49076 | Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | 9.3 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49075 | Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49073 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3. | 8.5 | 0.28% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49058 | Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. | 9.8 | 0.33% | 2026-06-17 | 2026-06-17 |
| CVE-2026-48967 | Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions. | 8.5 | 0.33% | 2026-06-17 | 2026-06-17 |
| CVE-2026-48875 | Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-42629 | Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. | 8.8 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-42380 | Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions. | 9.8 | 0.51% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40783 | Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | 9.9 | 0.54% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40761 | Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40760 | Unauthenticated PHP Object Injection in Behold <= 1.5 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40759 | Unauthenticated PHP Object Injection in Esmée <= 1.4 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40758 | Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40755 | Unauthenticated PHP Object Injection in TechLink <= 1.3 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40754 | Unauthenticated PHP Object Injection in Roisin <= 1.4 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |