CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 61802912 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-56010 Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. 8.8 0.38% 2026-06-26 2026-06-26
CVE-2026-56008 Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions. 8.8 0.28% 2026-06-26 2026-06-29
CVE-2026-54831 Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. 9.3 0.28% 2026-06-26 2026-06-26
CVE-2026-54827 Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. 9.3 0.28% 2026-06-26 2026-06-26
CVE-2026-54825 Unauthenticated SQL Injection in wpDataTables <= 7.4 versions. 9.3 0.28% 2026-06-26 2026-06-26
CVE-2026-54820 Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. 9.3 0.28% 2026-06-26 2026-06-26
CVE-2025-68052 Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. 8.8 0.14% 2026-06-26 2026-06-26
CVE-2026-57700 Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6. 10.0 0.37% 2026-06-25 2026-06-29
CVE-2026-56053 Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. 8.8 0.39% 2026-06-25 2026-06-25
CVE-2026-56049 Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions. 8.5 0.35% 2026-06-25 2026-06-25
CVE-2026-54849 Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. 9.3 0.23% 2026-06-25 2026-06-25
CVE-2026-54848 Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. 8.3 0.18% 2026-06-25 2026-06-25
CVE-2026-54845 Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. 8.1 0.27% 2026-06-25 2026-06-25
CVE-2026-54843 Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. 9.3 0.23% 2026-06-25 2026-06-25
CVE-2026-54842 Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. 8.1 0.19% 2026-06-25 2026-06-25
CVE-2026-54838 Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. 8.5 0.27% 2026-06-25 2026-06-25
CVE-2026-54836 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. 9.3 0.23% 2026-06-25 2026-06-25
CVE-2026-54823 Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. 9.9 0.43% 2026-06-25 2026-06-25
CVE-2026-54822 Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. 8.5 0.27% 2026-06-25 2026-06-25
CVE-2026-56012 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. 8.5 0.21% 2026-06-18 2026-06-18
cvelogic Threat Intelligence