Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-52703 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | 9.6 | 0.44% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52693 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49781 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49776 | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49770 | Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49769 | Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49768 | Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49766 | Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | 9.9 | 0.51% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49765 | Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49764 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | 9.8 | 0.40% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49763 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-07-08 |
| CVE-2026-49109 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49106 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49105 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | 9.8 | 0.48% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49104 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. | 9.8 | 0.48% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49085 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | 9.8 | 0.48% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49067 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-17 |
| CVE-2026-48886 | Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-17 |
| CVE-2026-48881 | Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | 9.1 | 0.28% | 2026-06-15 | 2026-06-17 |
| CVE-2026-48836 | Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions. | 10.0 | 0.57% | 2026-06-15 | 2026-06-17 |