CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-122CWE-191Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CWE-122Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-121CWE-191Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-416Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
CWE-693Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-416Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CWE-125Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-843Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CWE-125Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
CWE-416Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied...
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV supplied by the caller, resulting in (key, nonce) reuse and loss of confidentiality. If the same code path is used to compute the authentication tag, the tag depends only on the (key, IV) pair and not on the plaintext or ciphertext, allowing universal forgery of arbitrary ciphertext from a single captured message. OpenSSL provides two ways to drive a cipher: the documented streaming interface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level one-shot, EVP_Cipher(), whose documentation explicitly recommends against use by applications in favour of EVP_CipherUpdate() and EVP_CipherFinal_ex(). The OCB provider's streaming handler flushes the application-supplied IV into the OCB context before processing data; the one-shot handler did not. Every call to EVP_Cipher() on an AES-OCB context therefore ran with the all-zero key-derived offset state left by cipher initialisation, regardless of the caller's IV. If EVP_EncryptFinal_ex() is subsequently used to obtain the authentication tag, the deferred IV setup runs at that point and clears the running checksum that should have been accumulated over the plaintext. The resulting tag is a function of (key, IV) only and verifies against any ciphertext produced under the same (key, IV) pair. The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a TLS cipher suite, and libssl does not call EVP_Cipher() in any case. Applications that drive AES-OCB through the documented streaming AEAD API (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only applications that combine the AES-OCB cipher with the EVP_Cipher() one-shot API are vulnerable. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as AES-OCB is outside the OpenSSL FIPS module boundary.
CWE-325Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-122Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-197CWE-416Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CWE-125Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-125Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CWE-122Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-362Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CWE-843Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CWE-121Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CWE-416
7.8 HIGH
3.3 LOW
9.8 CRITICALWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.