CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CWE-190CWE-20Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
microsoftCWE-843Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attac...
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
microsoftCWE-416Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attac...
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
microsoftCWE-362CWE-416Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
microsoftCWE-122Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized...
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
microsoftCWE-190CWE-416Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
microsoftCWE-416Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
microsoftCWE-287CWE-347A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 al...
A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.
fortinetCWE-787The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerabilit...
The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system() without proper input sanitization or escaping. User-controlled input (such as file paths) is directly interpolated into shell command strings using f-strings within the _copy() function. An attacker can inject arbitrary OS commands by supplying a specially crafted path parameter through the Hydra configuration framework. This leads to remote code execution with the privileges of the user running the TinyZero training process.
CWE-78The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d3...
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from that directory and executes its contents directly using Python's exec() function. This design does not validate or sanitize the file's content, allowing an attacker who controls the input directory to execute arbitrary Python code in the context of the process running the script.
nebulyCWE-94The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send crafted requests with a user-controlled object_name path parameter to delete arbitrary files from the underlying MinIO storage system. Successful exploitation leads to data loss and denial of service.
nexentCWE-552The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied path_or_url parameter. This allows unauthenticated remote attackers to send crafted requests that trigger the deletion of arbitrary documents from ElasticSearch indices and corresponding files from the MinIO storage system. Successful exploitation leads to data destruction and denial of service.
nexentCWE-552Sandbox escape in the Profile Backup component
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
mozillaCWE-693Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postg...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and 'Elixir.Postgrex.Notifications':unlisten/3 is interpolated directly into LISTEN "..." / UNLISTEN "..." SQL statements without escaping the " character. An attacker who can influence the channel name can inject a " to break out of the quoted identifier and append arbitrary SQL. Because the notifications connection uses the PostgreSQL simple query protocol, multi-statement payloads are accepted, allowing DDL and DML commands to be chained (e.g. ; DROP TABLE ...; --). The same unsanitized interpolation also occurs in handle_connect/1 when replaying LISTEN commands after a reconnect. This vulnerability is associated with program file lib/postgrex/notifications.ex and program routines 'Elixir.Postgrex.Notifications':listen/3, 'Elixir.Postgrex.Notifications':unlisten/3, 'Elixir.Postgrex.Notifications':handle_connect/1. This issue affects postgrex: from 0.16.0 before 0.22.2, from pkg:github/elixir-ecto/postgrex@266b530faf9bde094e31e0e4ab851f933fadc0f5 before 0.22.2.
elixir-ectoCWE-89JIT miscompilation in the JavaScript Engine: JIT component
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
mozillaCWE-119CWE-686When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, ena...
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No publicly available exploits are known.
dovecotopen-xchangeCWE-235Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
CWE-122A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamce...
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains hardcoded key which is used for obfuscation stored directly into the application. This could allow an attacker to obtain these keys and misuse them to gain unauthorized access.
siemensCWE-798A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamce...
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.
siemensCWE-79
7.3 HIGH
9.1 CRITICALWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.