CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 214016964 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-57958 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.04% 2025-09-22 2026-04-06
CVE-2026-39659 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.02% 2026-04-08 2026-04-21
CVE-2026-39660 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.02% 2026-04-08 2026-04-29
CVE-2026-27066 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.02% 2026-02-19 2026-06-11
CVE-2021-23150 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. 4.8 0.53% 2022-03-18 2026-06-16
CVE-2021-23174 Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. 3.4 83.85% 2022-01-28 2026-06-16
CVE-2021-23209 Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). 4.8 0.53% 2022-03-18 2026-06-16
CVE-2021-23227 Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. 5.4 0.40% 2022-01-13 2026-06-16
CVE-2021-26256 Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). 4.7 0.82% 2022-02-21 2026-06-16
CVE-2021-31567 Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS. 6.8 1.37% 2022-01-28 2026-06-16
CVE-2021-36821 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11. 7.1 0.41% 2023-03-16 2026-06-16
CVE-2021-36823 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS.This issue affects AGCA - Absolutely Glamorous Custom Admin (WordPress plugin): from n/a through 6.8. 6.6 0.72% 2021-09-23 2026-06-16
CVE-2021-36826 Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. 5.4 0.60% 2022-04-04 2026-06-16
CVE-2021-36827 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". 4.8 0.47% 2022-06-16 2026-06-16
CVE-2021-36828 Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions. 4.8 0.51% 2022-04-15 2026-06-16
CVE-2021-36829 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 at WordPress. 4.8 0.46% 2022-09-06 2026-06-16
CVE-2021-36830 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. 4.8 0.40% 2022-09-30 2026-06-16
CVE-2021-36832 WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input. 4.8 0.55% 2021-10-19 2026-06-16
CVE-2021-36833 Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress. 4.8 0.49% 2022-05-20 2026-06-16
CVE-2021-36839 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. 4.8 0.40% 2022-09-30 2026-06-16
cvelogic Threat Intelligence