聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-40750 | Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9. | 9.9 | 0.27% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54198 | Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54191 | Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52715 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | 9.3 | 0.25% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52712 | Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. | 7.6 | 0.24% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52711 | Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | 7.5 | 0.23% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49774 | Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. | 9.9 | 0.41% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49772 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | 9.3 | 0.24% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39581 | Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions. | 8.5 | 0.27% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39574 | Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. | 9.3 | 0.23% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39490 | Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions. | 7.5 | 0.30% | 2026-06-16 | 2026-06-16 |
| CVE-2026-39437 | Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions. | 7.1 | 0.14% | 2026-06-16 | 2026-06-16 |
| CVE-2025-68045 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. | 7.5 | 0.23% | 2026-06-16 | 2026-06-16 |
| CVE-2026-9691 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52703 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | 9.6 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52702 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | 7.1 | 0.15% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52700 | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52699 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52697 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52695 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | 7.5 | 0.25% | 2026-06-15 | 2026-06-15 |