CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.
CWE-203CWE-208Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc
Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse. This issue affects AHE Mobile: from 1.9.7 before 1.9.9.
CWE-639Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Horato Internet Technologies...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Horato Internet Technologies Ind. And Trade Inc. Virtual Library Platform allows Reflected XSS. This issue affects Virtual Library Platform: before v202.
CWE-79Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Tech...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS. This issue affects Smart Trade E-Commerce: before 4.5.0.0.1.
CWE-79Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd
Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection. This issue affects OBS (Student Affairs Information System): before v26.0328.
CWE-639Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trad...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities E-Municipality Management allows Cross-Site Scripting (XSS). This issue affects StarCities E-Municipality Management: before 20250825.
CWE-79Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc
Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.
CWE-285CWE-639URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pusula Communication Information Internet Industry and Trade Ltd
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pusula Communication Information Internet Industry and Trade Ltd. Co. Manageable Email Sending System allows Exploiting Trust in Client. This issue affects Manageable Email Sending System: from <=2025.06 before 2025.08.06.
CWE-601In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_sta...
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() When blkg_alloc() is called to allocate a blkcg_gq structure with the associated blkg_iostat_set's, there are 2 fields within blkg_iostat_set that requires proper initialization - blkg & sync. The former field was introduced by commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") while the later one was introduced by commit f73316482977 ("blk-cgroup: reimplement basic IO stats using cgroup rstat"). Unfortunately those fields in the blkg_iostat_set's are not properly re-initialized when they are cleared in v1's blkcg_reset_stats(). This can lead to a kernel panic due to NULL pointer access of the blkg pointer. The missing initialization of sync is less problematic and can be a problem in a debug kernel due to missing lockdep initialization. Fix these problems by re-initializing them after memory clearing.
linuxCWE-476Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allow...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS). This issue affects Bizmu: from 2.27.0 through 20250212.
CWE-79Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing. This issue affects SecHard: before 3.6.2-20250805.
CWE-639Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shopside Software Shopside A...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shopside Software Shopside App allows Cross-Site Scripting (XSS). This issue requires high privileges. This issue affects Shopside App: before 17.02.2025.
CWE-79Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers o...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.
CWE-1021CWE-79Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Paraşüt all...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Paraşüt allows Cross-Site Scripting (XSS). This issue affects Paraşüt: from 0.0.0.65efa44e through 20250204.
CWE-79Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologi...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting (XSS). This issue affects Zirve Nova: from 235 through 20250131.
CWE-79Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Imp...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows Cross-Site Scripting (XSS), Phishing. This issue affects HumanSuite: before 53.21.0.
CWE-116CWE-74Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization...
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client. This issue affects HumanSuite: before 53.21.0.
CWE-285CWE-610Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Holistic IT, Consultancy Coop
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Holistic IT, Consultancy Coop. Workcube ERP allows Reflected XSS. This issue affects Workcube ERP: from V12 - V14 before Cognitive.
CWE-79Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted ...
Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers. This issue affects Beefull App: before 24.07.2025.
CWE-639Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dolusoft Omaspot allows Refl...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dolusoft Omaspot allows Reflected XSS. This issue affects Omaspot: before 12.09.2025.
dolusoftCWE-79
4.3 MEDIUMWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.