Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57646 | Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. | 5.4 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57645 | newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | 8.1 | 0.19% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57644 | Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57643 | Contributor SQL Injection in WP Post Author <= 3.9.1 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57642 | Contributor SQL Injection in Gallery <= 4.7.8 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57641 | Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. | 6.5 | 0.13% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57640 | Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. | 4.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57638 | Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | 6.5 | 0.16% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57637 | Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions. | 4.3 | 0.11% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57636 | Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57635 | Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions. | 6.5 | 0.12% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57634 | Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions. | 4.3 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57633 | Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. | 5.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57632 | Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. | 5.4 | 0.27% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57631 | Administrator SQL Injection in Popup box <= 6.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57630 | Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. | 5.3 | 0.23% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57629 | Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions. | 6.5 | 0.16% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57628 | Administrator SQL Injection in WP All Import <= 4.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57627 | Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. | 4.9 | 0.18% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57622 | Subscriber Broken Access Control in WPCafe <= 3.0.14 versions. | 4.3 | 0.26% | 2026-06-26 | 2026-06-26 |