CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assum...
Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry Information. This issue affects Brokerage Automation: before 1.1.71.
CWE-302CWE-639Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Techn...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Digital Corporate Warehouse allows Stored XSS. This issue affects Digital Corporate Warehouse: before v.4.8.2.22.
CWE-79Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
microsoftCWE-416Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in P...
Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation Management Information System: before v.10.2025.01.
CWE-359CWE-552Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs ...
Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass. This issue affects Perfektive: before Version: 12574 Build: 2701.
CWE-307CWE-602Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability ...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398.
CWE-89Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS. This issue affects OBS (Student Affairs Information System): before 25.0401.
CWE-79This issue was addressed with improved entitlements
This issue was addressed with improved entitlements. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.
appleCWE-284Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauth...
Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting. This issue affects enVision: before 250566.
CWE-200CWE-203Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected XSS. This issue affects OBS (Student Affairs Information System): before V26.0401.
CWE-79Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vu...
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects CityPLus: before V24.29500.1.0.
CWE-200CWE-497Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
microsoftCWE-1390Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
microsoftCWE-20Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
microsoftCWE-416Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
microsoftCWE-416Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges l...
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
microsoftCWE-303An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and bel...
An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.
fortinetCWE-122An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and...
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy
fortinetCWE-297Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking. This issue affects Agentis: before 4.44.
CWE-384Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co
Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse. This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025.
CWE-639
8.1 HIGHWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.