CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CWE-22luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the O...
luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user holding the luci.https-dns-proxy ACL permission can inject shell metacharacters through the 'name' parameter of a ubus RPC call to luci.https-dns-proxy setInitAction, resulting in arbitrary command execution as root on the underlying device. Core OpenWrt is not affected; only installations that have opted in to the luci-app-https-dns-proxy package are vulnerable.
CWE-77Karakeep is a elf-hostable bookmark-everything app
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward internal/private network destinations, these protections could be bypassed through crafted HTTP redirect chains. By leveraging attacker-controlled redirects, an authenticated user could cause vulnerable application components to initiate requests toward internally reachable Docker network services accessible from the application environment. The issue affected multiple processing paths, including crawler-related functionality and video download processing flows. Version 0.32.0 contains a patch.
CWE-918OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell...
OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system commands in the context of the OpenKM application server.
CWE-94OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQ...
OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the /admin/DatabaseQuery endpoint to extract sensitive data including usernames and password hashes from the OKM_USER table, modify permissions, or delete database records.
CWE-89OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows aut...
OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers can exploit this to access sensitive files including /etc/passwd, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process.
CWE-22libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata li...
libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution.
CWE-416gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing a...
gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands via the update field in .gitmodules that will be executed when Submodule::update() is called on a previously-initialized submodule, enabling remote code execution.
CWE-77FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bo...
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash.
freerdpCWE-122A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE-74CWE-89A weakness has been identified in CodeAstro Leave Management System 1.0
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CWE-74CWE-89A security flaw has been discovered in Squirrel up to 3.2
A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
squirrel-langCWE-119CWE-122A vulnerability was identified in vllm-project vllm 0.19.0
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.
CWE-404Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF)
Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF). This issue affects Zoho Mail wordpress plugin versions before 1.6.2.
CWE-352When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Managemen...
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
CWE-89A Check Point HTTP-based service can incorrectly handle malformed HTTP requests
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.
CWE-122When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly. Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
CWE-89When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain inter...
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
CWE-98The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP)
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
CWE-125The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection at...
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
CWE-122
7.3 HIGH
4.9 MEDIUMWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.