聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-49075 | Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | 9.8 | 0.39% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49058 | Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. | 9.8 | 0.33% | 2026-06-17 | 2026-06-17 |
| CVE-2026-48875 | Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-42380 | Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions. | 9.8 | 0.51% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40783 | Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | 9.9 | 0.54% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40749 | Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40748 | Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40747 | Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40746 | Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40725 | Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39596 | Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39589 | Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39529 | Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions. | 9.8 | 0.38% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39438 | Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. | 9.3 | 0.37% | 2026-06-17 | 2026-06-17 |
| CVE-2026-27429 | Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. | 9.8 | 0.56% | 2026-06-17 | 2026-06-17 |
| CVE-2026-27395 | Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. | 9.8 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-27041 | Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. | 9.9 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-25470 | Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47. | 10.0 | 0.41% | 2026-06-17 | 2026-06-17 |
| CVE-2026-25446 | Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | 9.9 | 0.43% | 2026-06-17 | 2026-06-17 |
| CVE-2026-24611 | Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions. | 9.1 | 0.44% | 2026-06-17 | 2026-06-17 |