CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 12033 筆結果
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-56067 Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3. 7.5 10.03% 2024-12-31 2026-06-17
CVE-2024-43989 Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.This issue affects Justified Image Grid: from n/a through <= 4.6.1. 7.5 12.23% 2024-09-22 2026-06-17
CVE-2025-32583 Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. 9.9 13.26% 2025-04-17 2026-06-17
CVE-2022-45359 Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. 9.8 13.51% 2022-12-06 2026-06-17
CVE-2024-56064 Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. 10.0 14.60% 2024-12-31 2026-06-17
CVE-2025-48148 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. 10.0 14.92% 2025-08-20 2026-06-17
CVE-2024-51818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. 9.3 16.26% 2025-01-21 2026-06-17
CVE-2026-23550 Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. 9.8 20.63% 2026-01-14 2026-06-17
CVE-2024-43917 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. 9.3 21.77% 2024-08-29 2026-06-17
CVE-2025-47646 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. 9.8 21.91% 2025-05-23 2026-06-17
CVE-2022-29455 DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. 4.7 23.18% 2022-06-13 2026-06-17
CVE-2023-47505 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4. 6.5 25.34% 2023-11-30 2026-06-17
CVE-2025-47539 Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. 9.8 30.92% 2025-05-23 2026-06-17
CVE-2024-30491 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. 8.5 32.05% 2024-03-29 2026-06-17
CVE-2025-24587 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through <= 1.2.23. 7.6 32.47% 2025-01-24 2026-06-17
CVE-2022-45835 Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. 5.8 37.67% 2023-11-12 2026-06-17
CVE-2022-45354 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. 5.3 38.08% 2024-01-08 2026-06-17
CVE-2023-30777 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. 7.1 38.77% 2023-05-10 2026-06-17
CVE-2022-45362 Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. 7.2 40.51% 2023-12-07 2026-06-17
CVE-2024-43919 Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. 5.3 43.59% 2024-11-01 2026-06-17
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence