CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資，深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型，動態追蹤 Exploit 資源與 PoC 公開狀態，研判可利用性。結合官方修補與修復方案，優化漏洞管理優先級，縮短回應週期，保障資產安全。

指派機構（CNA / 來源）：[email protected] 移除此篩選

EPSS 分數

≥ 1% ≥ 5% ≥ 10% ≥ 30% ≥ 50%

CVSS 分數

≥ 6 ≥ 7 ≥ 8 ≥ 9

CVE	描述	最高 CVSS	EPSS %	公開時間	更新時間
CVE-2026-56012	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35.	8.5	無	2026-06-18	2026-06-18
CVE-2026-54812	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109.	9.3	0.29%	2026-06-17	2026-06-17
CVE-2026-54819	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0.	9.3	0.24%	2026-06-17	2026-06-17
CVE-2026-54818	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11.	8.5	0.21%	2026-06-17	2026-06-17
CVE-2026-54815	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6.	9.3	0.24%	2026-06-17	2026-06-17
CVE-2026-54814	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109.	8.1	0.34%	2026-06-17	2026-06-17
CVE-2026-54813	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0.	8.5	0.21%	2026-06-17	2026-06-17
CVE-2026-54809	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.	9.3	0.24%	2026-06-17	2026-06-17
CVE-2026-54808	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.	9.3	0.32%	2026-06-17	2026-06-17
CVE-2026-52707	Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.	8.1	0.44%	2026-06-17	2026-06-17
CVE-2026-49108	Unauthenticated PHP Object Injection in Moderno < 1.43 versions.	9.8	0.30%	2026-06-17	2026-06-17
CVE-2026-40757	Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.	8.1	0.25%	2026-06-17	2026-06-17
CVE-2026-40756	Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.	8.1	0.25%	2026-06-17	2026-06-17
CVE-2026-40752	Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.	8.1	0.31%	2026-06-17	2026-06-17
CVE-2026-40738	Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.	8.1	0.31%	2026-06-17	2026-06-17
CVE-2026-40733	Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.	8.1	0.31%	2026-06-17	2026-06-17
CVE-2026-39590	Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.	8.1	0.34%	2026-06-17	2026-06-17
CVE-2026-39576	Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.	8.1	0.40%	2026-06-17	2026-06-17
CVE-2026-39560	Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.	8.1	0.31%	2026-06-17	2026-06-17
CVE-2026-39559	Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.	8.1	0.34%	2026-06-17	2026-06-17

cvelogic Threat Intelligence