
CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry is annotated with the QSearch coverage signal: how many of our agents, skills, and playbooks address the technique. Subscribe via RSS to feed your SIEM, or get the weekly digest by email.
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
zohocorp, CWE-89
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
phpgurukul, CWE-89
Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.
phpgurukul, CWE-79
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
proofpoint, CWE-89
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from c...
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
adobe, debian, CWE-476
Frontier is Substrate's Ethereum compatibility layer
Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of the transaction validation logic was called only in transaction pool validation, not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent `pallet-evm` execution logic. However, a chain ID replay attack was possible. In addition, spamming attacks are a main concern, although they are limited by Substrate block size limits and other factors. The issue is patched in commit `146bb48849e5393004be5c88beefe76fdf009aba`.
parity, CWE-20
Intune Management Extension Security Feature Bypass Vulnerability
microsoft
Active Directory Federation Server Spoofing Vulnerability
microsoft
.NET Core and Visual Studio Information Disclosure Vulnerability
microsoft
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
microsoft, CWE-79
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
microsoft
Microsoft Exchange Server Spoofing Vulnerability
microsoft
Console Window Host Security Feature Bypass Vulnerability
microsoft
Windows Fast FAT File System Driver Information Disclosure Vulnerability
microsoft
Windows MSHTML Platform Remote Code Execution Vulnerability
microsoft
Microsoft DWM Core Library Elevation of Privilege Vulnerability
microsoft, CWE-269
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
microsoft
Active Directory Security Feature Bypass Vulnerability
microsoft
Windows Kernel Information Disclosure Vulnerability
microsoft
Windows Print Spooler Information Disclosure Vulnerability
microsoft
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.