聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-54812 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54819 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54815 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54809 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | 9.3 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49108 | Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | 9.8 | 0.30% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69127 | Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2025-69111 | Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60236 | Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5. | 9.8 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60231 | Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1. | 9.8 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60230 | Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. | 9.8 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2025-60229 | Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0. | 9.8 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2025-59554 | Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | 9.3 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54811 | Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54807 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54806 | Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54803 | Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. | 9.8 | 0.45% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54194 | Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions. | 9.8 | 0.53% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54187 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54186 | Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | 9.3 | 0.30% | 2026-06-17 | 2026-06-17 |