Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57737 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16. | 6.5 | 0.14% | 2026-07-01 | 2026-07-02 |
| CVE-2026-57736 | Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51. | 7.4 | 0.18% | 2026-07-01 | 2026-07-01 |
| CVE-2026-57723 | Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12. | 7.4 | 0.12% | 2026-07-01 | 2026-07-01 |
| CVE-2026-57722 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1. | 5.9 | 0.15% | 2026-07-01 | 2026-07-02 |
| CVE-2026-57721 | Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6. | 5.3 | 0.18% | 2026-07-01 | 2026-07-01 |
| CVE-2026-57720 | Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2. | 4.3 | 0.20% | 2026-07-01 | 2026-07-01 |
| CVE-2026-27409 | Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13. | 5.3 | 0.20% | 2026-07-01 | 2026-07-01 |
| CVE-2026-57692 | Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2. | 9.8 | 0.29% | 2026-07-01 | 2026-07-01 |
| CVE-2026-27435 | Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice: from n/a before 5.4.33. | 5.3 | 0.24% | 2026-07-01 | 2026-07-01 |
| CVE-2026-57341 | Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions. | 6.5 | 0.26% | 2026-06-29 | 2026-07-01 |
| CVE-2026-57340 | Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions. | 6.5 | 0.20% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57339 | Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions. | 6.5 | 0.20% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57338 | Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions. | 7.1 | 0.15% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57337 | Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions. | 7.1 | 0.15% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57336 | Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions. | 7.1 | 0.15% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57335 | Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions. | 6.5 | 0.23% | 2026-06-29 | 2026-07-01 |
| CVE-2026-57334 | Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions. | 6.5 | 0.20% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57333 | Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions. | 7.1 | 0.15% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57332 | Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions. | 7.1 | 0.26% | 2026-06-29 | 2026-06-29 |
| CVE-2026-57331 | Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions. | 9.9 | 0.34% | 2026-06-29 | 2026-06-29 |