聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-56024 | Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.4.0. | 6.5 | 无 | 2026-06-18 | 2026-06-18 |
| CVE-2026-56012 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. | 8.5 | 无 | 2026-06-18 | 2026-06-18 |
| CVE-2026-56009 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored XSS. This issue affects Bricksable for Bricks Builder: from n/a through 1.6.83. | 5.9 | 0.14% | 2026-06-18 | 2026-06-18 |
| CVE-2026-56007 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2. | 5.9 | 0.14% | 2026-06-18 | 2026-06-18 |
| CVE-2026-54812 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54810 | Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1. | 7.5 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54819 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54817 | Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4. | 6.5 | 0.26% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54816 | Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21. | 7.5 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54815 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54814 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54813 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54809 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | 9.3 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54193 | Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | 7.7 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52716 | Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions. | 6.5 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52707 | Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | 8.1 | 0.44% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49108 | Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | 9.8 | 0.30% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40757 | Unauthenticated PHP Object Injection in Château <= 1.2.1 versions. | 8.1 | 0.25% | 2026-06-17 | 2026-06-17 |