CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 12114017114 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2022-27850 Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. 5.4 0.37% 2022-04-15 2026-06-17
CVE-2022-27851 Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. 5.4 0.37% 2022-04-15 2026-06-17
CVE-2022-27852 Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. 6.1 0.66% 2022-04-15 2026-06-17
CVE-2022-27853 Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 4.8 0.50% 2022-04-18 2026-06-17
CVE-2022-27854 Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. 5.4 0.56% 2022-04-26 2026-06-17
CVE-2022-27855 Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. 5.4 0.26% 2022-11-08 2026-06-17
CVE-2022-27856 Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. 3.4 0.38% 2023-05-10 2026-06-17
CVE-2022-27858 CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. 7.4 0.80% 2022-11-08 2026-06-17
CVE-2022-27859 Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. 4.1 0.62% 2022-06-15 2026-06-17
CVE-2022-27860 Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. 6.1 0.36% 2022-04-28 2026-06-17
CVE-2022-27861 Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. 4.7 0.31% 2023-08-10 2026-06-17
CVE-2022-27862 Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. 9.8 1.64% 2022-04-19 2026-06-17
CVE-2022-27863 Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. 5.3 1.07% 2022-04-19 2026-06-17
CVE-2022-28612 Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. 5.4 0.46% 2022-06-15 2026-06-17
CVE-2022-28666 Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. 5.3 1.18% 2022-07-21 2026-06-17
CVE-2022-28700 Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. 9.1 1.45% 2022-07-21 2026-06-17
CVE-2022-29406 Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. 4.1 0.58% 2022-06-15 2026-06-17
CVE-2022-29408 Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. 4.7 0.66% 2022-05-25 2026-06-17
CVE-2022-29409 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 0.04% 2024-01-08 2024-01-08
CVE-2022-29410 Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). 7.4 0.86% 2022-04-28 2026-06-17
cvelogic Threat Intelligence