CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflect...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6.
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6.
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking E...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8.
CWE-79Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6.
CWE-862Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14.
CWE-79Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1.
CWE-266FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event
FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC_SUBSCRIPTION_RESPONSE to the near-RT RIC (port 36421) to cause SIGABRT in Debug builds or NULL pointer dereference (SIGSEGV) in Release builds.
CWE-617FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent
FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.
CWE-617A security flaw has been discovered in janet-lang janet up to 1.41.0
A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5.
CWE-119CWE-125A vulnerability was determined in lharries whatsapp-mcp 0.0.1
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.
CWE-22A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0
A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
CWE-74CWE-89A vulnerability has been found in code-projects Real State Services 1.0
A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CWE-74CWE-89A flaw has been found in CodeAstro Online Job Portal 1.0
A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CWE-74CWE-89A vulnerability was detected in CodeAstro Online Job Portal 1.0
A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CWE-74CWE-89A security vulnerability has been detected in H3C Magic B0 up to 100R002
A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE-119CWE-121Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal. Users should upgrade to a version containing commit fbde301b97986d5913fc4bc95f5445750d282e11 to receive a patch.
vertex-appCWE-22A vulnerability was detected in itsourcecode Online House Rental System 1.0
A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
CWE-74CWE-89A security vulnerability has been detected in itsourcecode Online House Rental System 1.0
A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage_tenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CWE-74CWE-89A weakness has been identified in itsourcecode Online House Rental System 1.0
A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CWE-74CWE-89A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0
A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CWE-74CWE-89
7.1 HIGH
9.1 CRITICAL
3.3 LOWWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.