CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CWE-404CWE-476A vulnerability was identified in itsourcecode Fees Management System 1.0
A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CWE-74CWE-89A vulnerability was determined in itsourcecode Fees Management System 1.0
A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CWE-74CWE-89A vulnerability was found in SourceCodester Customer Review App 1.0
A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach. The exploit has been made public and could be used.
CWE-404Memory Corruption when sending random number generator command with insufficient output buffer size
Memory Corruption when sending random number generator command with insufficient output buffer size.
qualcommCWE-787Memory Corruption when output buffer size is smaller than input buffer size during data copying operation
Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
qualcommCWE-121Memory corruption in windows drivers while sending incorrect trusted application request
Memory corruption in windows drivers while sending incorrect trusted application request
qualcommCWE-121Memory corruption in diagnostic services due to absence of input validation
Memory corruption in diagnostic services due to absence of input validation
qualcommCWE-787Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
qualcommCWE-367Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
qualcommCWE-126Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
qualcommCWE-476Memory Corruption when processing device identifier strings that exceed the expected maximum length
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
qualcommCWE-787Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
qualcommCWE-476Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device...
Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
qualcommCWE-1230Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access t...
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
CWE-451Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL co...
Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information including names, email addresses, and phone numbers from the database.
CWE-89Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain re...
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token. Affected versions: - log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later - CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7)
CWE-287In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass
In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
googleCWE-269In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in th...
In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation.
googleCWE-476In multiple functions, there is a possible desync in persistence due to an incorrect bounds check
In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
googleCWE-120
3.3 LOW
6.3 MEDIUM
7.8 HIGHWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.