CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 10112016964 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-29005 Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6. 4.3 0.05% 2025-06-06 2026-06-17
CVE-2025-28984 Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1. 4.3 0.05% 2025-06-06 2026-06-17
CVE-2025-28981 Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS.This issue affects WP Mail Options: from n/a through <= 0.2.3. 7.1 0.05% 2025-06-06 2026-06-17
CVE-2025-28974 Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0. 7.1 0.05% 2025-06-06 2026-06-17
CVE-2025-28966 Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1. 7.1 0.05% 2025-06-06 2026-06-17
CVE-2025-28964 Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0. 7.1 0.05% 2025-06-06 2026-06-17
CVE-2025-28958 Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar bg-orthodox-calendar allows Stored XSS.This issue affects Bg Orthodox Calendar: from n/a through <= 0.13.10. 7.1 0.05% 2025-06-06 2026-06-17
CVE-2025-28952 Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints cubepoints allows Cross Site Request Forgery.This issue affects CubePoints: from n/a through <= 3.2.1. 4.3 0.05% 2025-06-06 2026-06-17
CVE-2025-28950 Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author post-author allows Stored XSS.This issue affects Post Author: from n/a through <= 1.1.1. 7.1 0.05% 2025-06-06 2026-06-17
CVE-2025-27360 Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through <= 1.4.9. 4.3 0.05% 2025-06-06 2026-06-17
CVE-2025-27359 Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n/a through <= 2.3.1. 4.3 0.05% 2025-06-06 2026-06-17
CVE-2025-24772 Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 pay-with-contact-form-7 allows Cross Site Request Forgery.This issue affects Pay with Contact Form 7: from n/a through <= 1.0.4. 5.4 0.05% 2025-06-06 2026-06-17
CVE-2025-22634 Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through <= 2.4.5. 5.4 0.05% 2025-03-27 2026-06-17
CVE-2025-58831 Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. 4.3 0.05% 2025-09-05 2026-06-17
CVE-2025-26768 Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15. 7.1 0.05% 2025-02-16 2026-06-17
CVE-2025-26759 Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5. 7.1 0.05% 2025-02-16 2026-06-17
CVE-2025-62908 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.05% 2025-10-26 2025-11-21
CVE-2025-52709 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.05% 2025-06-27 2025-09-04
CVE-2025-25168 Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS).This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7. 7.1 0.05% 2025-02-07 2026-06-17
CVE-2025-25166 Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8. 7.1 0.05% 2025-02-07 2026-06-17
cvelogic Threat Intelligence