CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 14116017114 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-57376 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.3. 7.1 0.18% 2026-07-13 2026-07-13
CVE-2026-57375 Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through <= 4.18.4. 6.5 0.19% 2026-07-13 2026-07-13
CVE-2026-57372 Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0. 7.2 0.19% 2026-07-13 2026-07-13
CVE-2026-57371 Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0. 8.8 0.36% 2026-07-13 2026-07-13
CVE-2026-57369 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through <= 7.7.4. 7.1 0.18% 2026-07-13 2026-07-13
CVE-2026-57368 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.8.5. 7.1 0.18% 2026-07-13 2026-07-13
CVE-2026-57365 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 &amp; v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA (v2 &amp; v3) for Asgaros Forum: from n/a through <= 1.1.0. 6.5 0.22% 2026-07-13 2026-07-13
CVE-2026-57364 Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More: from n/a through <= 2.2.0. 6.5 0.26% 2026-07-13 2026-07-13
CVE-2026-57363 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7. 7.1 0.18% 2026-07-13 2026-07-13
CVE-2026-57807 Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8. 9.8 0.43% 2026-07-10 2026-07-13
CVE-2026-59520 Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16. 4.3 0.10% 2026-07-05 2026-07-06
CVE-2026-59519 Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6. 5.3 0.20% 2026-07-05 2026-07-07
CVE-2026-59511 Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9. 5.3 0.20% 2026-07-05 2026-07-06
CVE-2026-57766 Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. 8.8 0.14% 2026-07-02 2026-07-02
CVE-2026-57765 Contributor SQL Injection in WP EasyCart <= 5.9.0 versions. 8.5 0.22% 2026-07-02 2026-07-02
CVE-2026-57764 Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions. 6.5 0.14% 2026-07-02 2026-07-02
CVE-2026-57763 Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions. 6.5 0.14% 2026-07-02 2026-07-02
CVE-2026-57762 Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions. 5.9 0.15% 2026-07-02 2026-07-02
CVE-2026-57761 Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. 7.1 0.09% 2026-07-02 2026-07-02
CVE-2026-57760 Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29. 5.3 0.18% 2026-07-02 2026-07-02
cvelogic Threat Intelligence