CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the...
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-120Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the for...
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-120Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7We...
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the form...
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio par...
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the ...
Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter...
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a HTTP request.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain param...
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the from...
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio par...
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CWE-121Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_t...
Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CWE-121An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication v...
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CWE-287An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage d...
An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE).
CWE-22A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentica...
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CWE-347Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.
CWE-284An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain ...
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.
CWE-200An issue was discovered in bitbank2 AnimatedGIF v2.2.0
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
CWE-120Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials...
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.
A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a De...
A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CWE-476A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to c...
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
CWE-400
7.5 HIGH
9.1 CRITICALWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.