Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-50427 | Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136. | 9.9 | 1.01% | 2024-10-29 | 2026-06-17 |
| CVE-2024-50493 | Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through <= 1.0.4. | 10.0 | 1.03% | 2024-10-29 | 2026-06-17 |
| CVE-2024-50482 | Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0. | 10.0 | 1.03% | 2024-10-29 | 2026-06-17 |
| CVE-2024-50491 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9. | 9.3 | 1.00% | 2024-10-28 | 2026-06-17 |
| CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1. | 9.8 | 2.38% | 2024-10-28 | 2026-06-17 |
| CVE-2024-50478 | Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | 9.8 | 1.08% | 2024-10-28 | 2026-06-17 |
| CVE-2024-50498 | Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0. | 10.0 | 53.64% | 2024-10-28 | 2026-06-17 |
| CVE-2024-50492 | Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart scottcart allows Code Injection.This issue affects ScottCart: from n/a through <= 1.1. | 8.3 | 1.35% | 2024-10-28 | 2026-06-17 |
| CVE-2024-50477 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3. | 9.8 | 7.96% | 2024-10-28 | 2026-06-17 |
| CVE-2024-50450 | Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through <= 1.3.3.4. | 7.3 | 1.15% | 2024-10-28 | 2026-06-17 |
| CVE-2024-49681 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.0.9. | 9.3 | 1.06% | 2024-10-24 | 2026-06-17 |
| CVE-2024-49668 | Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through <= 1.0. | 10.0 | 1.46% | 2024-10-23 | 2026-06-17 |
| CVE-2024-49653 | Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through <= 1.2. | 9.9 | 1.15% | 2024-10-23 | 2026-06-17 |
| CVE-2024-44000 | Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. | 9.8 | 83.18% | 2024-10-20 | 2026-06-17 |
| CVE-2024-49607 | Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through <= 1.0. | 10.0 | 1.03% | 2024-10-20 | 2026-06-17 |
| CVE-2024-49328 | Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0. | 9.8 | 1.46% | 2024-10-20 | 2026-06-17 |
| CVE-2024-49271 | Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 1.5.121. | 9.1 | 1.11% | 2024-10-16 | 2026-06-17 |
| CVE-2024-48042 | Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28. | 9.1 | 1.13% | 2024-10-16 | 2026-06-17 |
| CVE-2024-47374 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2. | 7.1 | 1.41% | 2024-10-05 | 2026-06-17 |
| CVE-2024-43989 | Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.This issue affects Justified Image Grid: from n/a through <= 4.6.1. | 7.5 | 12.23% | 2024-09-22 | 2026-06-17 |