CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 122 results
«« First « Prev Page 1 / 7 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-42647 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7. 9.3 1.30% 2026-06-11 2026-06-17
CVE-2026-49777 Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. 10.0 1.66% 2026-06-05 2026-06-17
CVE-2026-23550 Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. 9.8 20.63% 2026-01-14 2026-06-17
CVE-2025-49388 Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. 9.8 5.03% 2025-08-28 2026-06-17
CVE-2025-54726 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through < 6.1.6. 9.3 1.43% 2025-08-20 2026-06-17
CVE-2025-48148 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. 10.0 14.92% 2025-08-20 2026-06-17
CVE-2025-49029 Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through <= 1.0. 9.1 2.12% 2025-07-01 2026-06-17
CVE-2025-48281 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through <= 3.21.1. 9.3 1.31% 2025-06-09 2026-06-17
CVE-2025-47646 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. 9.8 21.91% 2025-05-23 2026-06-17
CVE-2025-47539 Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. 9.8 30.92% 2025-05-23 2026-06-17
CVE-2025-47577 Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. 10.0 5.13% 2025-05-19 2026-06-17
CVE-2025-27007 Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. 9.8 50.88% 2025-05-01 2026-06-17
CVE-2025-32583 Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. 9.9 13.26% 2025-04-17 2026-06-17
CVE-2025-30911 Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4. 9.9 1.76% 2025-04-01 2026-06-17
CVE-2025-28915 Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server.This issue affects ThemeEgg ToolKit: from n/a through <= 1.2.9. 9.1 1.19% 2025-03-11 2026-06-17
CVE-2025-22630 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection.This issue affects Widget Options: from n/a through <= 4.1.0. 9.9 1.12% 2025-02-14 2026-06-17
CVE-2025-23942 Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6. 9.1 2.62% 2025-01-22 2026-06-17
CVE-2024-51818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. 9.3 16.26% 2025-01-21 2026-06-17
CVE-2025-23922 Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through <= 1.0. 10.0 1.03% 2025-01-16 2026-06-17
CVE-2025-22785 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6. 9.3 2.85% 2025-01-15 2026-06-17
«« First « Prev Page 1 / 7 Next »
cvelogic Threat Intelligence