聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-57416 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through <= 1.7.5. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57413 | Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4. | 6.4 | 0.23% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57412 | Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through <= 4.6.9. | 6.5 | 0.24% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57411 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman CF7 Views – Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views – Complete Entry Management for Contact Form 7: from n/a through <= 3.2.2. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57410 | Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through <= 2.0.2. | 8.8 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57407 | Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through <= 1.6.2. | 7.2 | 0.19% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57406 | Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through <= 1.7.6. | 6.5 | 0.24% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57405 | Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through <= 1.7.1. | 7.1 | 0.23% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57401 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <= 1.8.0. | 9.9 | 0.38% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57400 | Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through <= 1.5.5. | 6.5 | 0.24% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57399 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.8. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57398 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through <= 12.8.3. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57394 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.14. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57393 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 2.0.8. | 6.5 | 0.27% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57392 | Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.22.5. | 6.5 | 0.24% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57391 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through <= 4.2.3. | 6.5 | 0.24% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57388 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.44. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57387 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through <= 3.5.1. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57386 | Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through < 2.9.1. | 8.8 | 0.29% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57385 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through <= 3.4.2. | 8.5 | 0.26% | 2026-07-13 | 2026-07-13 |