CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unautho...
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CWE-22Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized ...
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CWE-79Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
CWE-416Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-122Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-416Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-416Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CWE-822Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-122CWE-191Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-121CWE-191Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-416Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-416Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CWE-125Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-843Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
CWE-416Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied...
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by the caller, resulting in (key, nonce) reuse and loss of confidentiality. If the same code path is used to compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message. OpenSSL provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex(). The OCB provider's streaming handler flushes the application-supplied IV into the OCB context before processing data; the one-shot handler did not. Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero key-derived offset state left by cipher initialisation, regardless of the caller's IV. If EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at that point and clears the running checksum that should have been accumulated over the plaintext. The resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same (key, IV) pair. The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only applications that combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module boundary.
CWE-325Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-122Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-197CWE-416Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CWE-125Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-125Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-122
8.4 HIGHWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.