Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-40753 | Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions. | 8.1 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40751 | Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40749 | Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40748 | Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40747 | Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40746 | Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40739 | Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40736 | Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40735 | Unauthenticated PHP Object Injection in Reina <= 2.1 versions. | 8.1 | 0.40% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40731 | Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. | 8.1 | 0.42% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40726 | Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions. | 8.2 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40725 | Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39598 | Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2. | 8.0 | 0.28% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39596 | Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39589 | Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39582 | Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39580 | Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions. | 8.1 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39573 | Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions. | 8.1 | 0.40% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39568 | Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions. | 8.1 | 0.42% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39567 | Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions. | 8.1 | 0.40% | 2026-06-17 | 2026-06-17 |