聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-59518 | Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2. | 9.8 | 0.31% | 2026-07-13 | 2026-07-13 |
| CVE-2026-59515 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through <= 1.5.4. | 9.3 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57813 | Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3. | 9.8 | 0.27% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57811 | Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.2.0. | 10.0 | 0.32% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57770 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through <= 5.7.8. | 9.8 | 0.31% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57744 | Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. | 9.8 | 0.31% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57739 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0. | 9.3 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57738 | Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0. | 9.8 | 0.39% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57726 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.12. | 9.3 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57724 | Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through <= 6.0.12. | 9.8 | 0.39% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57719 | Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through <= 2.8.3. | 10.0 | 0.36% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57714 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through <= 5.6.3. | 9.3 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57710 | Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through <= 14.1.7. | 9.9 | 0.33% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57707 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through <= 15.9.4. | 9.3 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57702 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.4.2. | 9.3 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57401 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <= 1.8.0. | 9.9 | 0.38% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57807 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8. | 9.8 | 0.43% | 2026-07-10 | 2026-07-13 |
| CVE-2026-57683 | Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. | 9.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57679 | Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions. | 9.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57677 | Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions. | 9.8 | 0.34% | 2026-07-02 | 2026-07-02 |