CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels
Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9.
CWE-862A security vulnerability has been detected in Open Babel up to 3.1.1
A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 3.2.0 is sufficient to fix this issue. The identifier of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is suggested to install a patch to address this issue.
openbabelCWE-119CWE-125In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification...
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it is handled for virtio done notification. If the spinlock protection is added in virtcrypto_done_task(), openssl benchmark with multiple processes works well.
linuxIn the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection...
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this counter. Replace free_transport() with ksmbd_tcp_disconnect().
linuxCWE-401In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in er...
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In __process_request(), if check_sign_req() returns an error, set_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called. set_smb2_rsp_status() set work->next_smb2_rcv_hdr_off as zero. By resetting next_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain is lost. Consequently, is_chained_smb2_message() continues to point to the same request header instead of advancing. If the header's NextCommand field is non-zero, the function returns true, causing __handle_ksmbd_work() to repeatedly process the same failed request in an infinite loop. This results in the kernel log being flooded with "bad smb2 signature" messages and high CPU usage. This patch fixes the issue by changing the return value from SERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. This ensures that the processing loop terminates immediately rather than attempting to continue from an invalidated offset.
linuxCWE-835Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Through HTTP Headers. This issue affects INFOREX- General Information Management System: from 2025 and before through 18022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-79Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation In...
Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force. This issue affects Wispotter: from 1.0 before v2025.10.08.1.
CWE-287CWE-307Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows R...
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.
CWE-306Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Inform...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Doping Module – Store Module – New Language System) allows Cross-Site Scripting (XSS). This issue affects Real Estate Script V5 (With Doping Module – Store Module – New Language System): through 17022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-79In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata...
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 processes are waiting at the io_schedule_timeout() of balance_dirty_pages(), causing a system hang and trigger a kernel coredump. The kernel is v6.4 kernel based, but the root problem still applies to any upstream kernel before v6.18. [CAUSE] From Jan Kara for his wisdom on the dirty page balance behavior first. This cgroup dirty limit was what was actually playing the role here because the cgroup had only a small amount of memory and so the dirty limit for it was something like 16MB. Dirty throttling is responsible for enforcing that nobody can dirty (significantly) more dirty memory than there's dirty limit. Thus when a task is dirtying pages it periodically enters into balance_dirty_pages() and we let it sleep there to slow down the dirtying. When the system is over dirty limit already (either globally or within a cgroup of the running task), we will not let the task exit from balance_dirty_pages() until the number of dirty pages drops below the limit. So in this particular case, as I already mentioned, there was a cgroup with relatively small amount of memory and as a result with dirty limit set at 16MB. A task from that cgroup has dirtied about 28MB worth of pages in btrfs btree inode and these were practically the only dirty pages in that cgroup. So that means the only way to reduce the dirty pages of that cgroup is to writeback the dirty pages of btrfs btree inode, and only after that those processes can exit balance_dirty_pages(). Now back to the btrfs part, btree_writepages() is responsible for writing back dirty btree inode pages. The problem here is, there is a btrfs internal threshold that if the btree inode's dirty bytes are below the 32M threshold, it will not do any writeback. This behavior is to batch as much metadata as possible so we won't write back those tree blocks and then later re-COW them again for another modification. This internal 32MiB is higher than the existing dirty page size (28MiB), meaning no writeback will happen, causing a deadlock between btrfs and cgroup: - Btrfs doesn't want to write back btree inode until more dirty pages - Cgroup/MM doesn't want more dirty pages for btrfs btree inode Thus any process touching that btree inode is put into sleep until the number of dirty pages is reduced. Thanks Jan Kara a lot for the analysis of the root cause. [ENHANCEMENT] Since kernel commit b55102826d7d ("btrfs: set AS_KERNEL_FILE on the btree_inode"), btrfs btree inode pages will only be charged to the root cgroup which should have a much larger limit than btrfs' 32MiB threshold. So it should not affect newer kernels. But for all current LTS kernels, they are all affected by this problem, and backporting the whole AS_KERNEL_FILE may not be a good idea. Even for newer kernels I still think it's a good idea to get rid of the internal threshold at btree_writepages(), since for most cases cgroup/MM has a better view of full system memory usage than btrfs' fixed threshold. For internal callers using btrfs_btree_balance_dirty() since that function is already doing internal threshold check, we don't need to bother them. But for external callers of btree_writepages(), just respect their requests and write back whatever they want, ignoring the internal btrfs threshold to avoid such deadlock on btree inode dirty page balancing.
linuxCWE-667In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() ...
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if this inline extent item is the first item in the leaf or access metadata from other items.
linuxAuthorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025.
farktorCWE-639This issue was addressed through improved state management
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An attacker with root privileges may be able to delete protected system files.
appleCWE-269An authorization issue was addressed with improved state management
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data.
appleCWE-285A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h6.0.0.3397 build 20260206 and later
qnapCWE-476Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc
Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-639User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spo...
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
microsoftCWE-1286CWE-345A flaw was found in GnuTLS
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
CWE-407Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.
CWE-312CWE-922Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-201
4.3 MEDIUMWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.