Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57686 | Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57685 | Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions. | 4.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57684 | Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions. | 6.5 | 0.17% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57683 | Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. | 9.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57682 | Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57681 | Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions. | 6.4 | 0.23% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57680 | Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions. | 6.5 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57679 | Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions. | 9.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57678 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16. | 7.1 | 0.15% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57677 | Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions. | 9.8 | 0.34% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57675 | Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57674 | Unauthenticated Cross Site Scripting (XSS) in Timetics <= 1.0.58 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57673 | Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57672 | Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57671 | Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.4 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57670 | Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions. | 7.1 | 0.19% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57669 | Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions. | 6.5 | 0.34% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57625 | Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions. | 9.6 | 0.27% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57624 | Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions. | 10.0 | 0.70% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57623 | Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions. | 9.0 | 0.33% | 2026-07-02 | 2026-07-02 |