聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-54817 | Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4. | 6.5 | 0.26% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54816 | Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21. | 7.5 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54815 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54814 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54813 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54809 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | 9.3 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54193 | Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | 7.7 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52716 | Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions. | 6.5 | 0.35% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52707 | Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | 8.1 | 0.44% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49108 | Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | 9.8 | 0.30% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40757 | Unauthenticated PHP Object Injection in Château <= 1.2.1 versions. | 8.1 | 0.25% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40756 | Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. | 8.1 | 0.25% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40752 | Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions. | 8.1 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40738 | Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions. | 8.1 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40733 | Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. | 8.1 | 0.31% | 2026-06-17 | 2026-06-17 |
| CVE-2026-40720 | Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions. | 7.1 | 0.18% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39590 | Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39576 | Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | 8.1 | 0.40% | 2026-06-17 | 2026-06-17 |
| CVE-2026-39560 | Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. | 8.1 | 0.31% | 2026-06-17 | 2026-06-17 |