CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 1011202942 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-54849 Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. 9.3 0.23% 2026-06-25 2026-06-25
CVE-2026-54848 Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. 8.3 0.18% 2026-06-25 2026-06-25
CVE-2026-54845 Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. 8.1 0.27% 2026-06-25 2026-06-25
CVE-2026-54843 Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. 9.3 0.23% 2026-06-25 2026-06-25
CVE-2026-54842 Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. 8.1 0.19% 2026-06-25 2026-06-25
CVE-2026-54838 Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. 8.5 0.27% 2026-06-25 2026-06-25
CVE-2026-54836 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. 9.3 0.23% 2026-06-25 2026-06-25
CVE-2026-54823 Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. 9.9 0.43% 2026-06-25 2026-06-25
CVE-2026-54822 Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. 8.5 0.27% 2026-06-25 2026-06-25
CVE-2026-56012 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. 8.5 0.21% 2026-06-18 2026-06-18
CVE-2026-54812 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. 9.3 0.29% 2026-06-17 2026-06-17
CVE-2026-54819 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. 9.3 0.24% 2026-06-17 2026-06-17
CVE-2026-54818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. 8.5 0.21% 2026-06-17 2026-06-17
CVE-2026-54815 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. 9.3 0.24% 2026-06-17 2026-06-17
CVE-2026-54814 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. 8.1 0.34% 2026-06-17 2026-06-17
CVE-2026-54813 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. 8.5 0.21% 2026-06-17 2026-06-17
CVE-2026-54809 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. 9.3 0.24% 2026-06-17 2026-06-17
CVE-2026-54808 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. 9.3 0.32% 2026-06-17 2026-06-17
CVE-2026-52707 Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. 8.1 0.44% 2026-06-17 2026-06-17
CVE-2026-49108 Unauthenticated PHP Object Injection in Moderno < 1.43 versions. 9.8 0.30% 2026-06-17 2026-06-17
cvelogic Threat Intelligence