CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
microsoftCWE-269Windows Text Shaping Remote Code Execution Vulnerability
Windows Text Shaping Remote Code Execution Vulnerability
microsoftWindows Nearby Sharing Elevation of Privilege Vulnerability
Windows Nearby Sharing Elevation of Privilege Vulnerability
microsoftCWE-269Windows Network Address Translation (NAT) Denial of Service Vulnerability
Windows Network Address Translation (NAT) Denial of Service Vulnerability
microsoftWindows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
microsoftWindows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
microsoftMicrosoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
microsoftCWE-79Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
microsoftWin32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
microsoftCWE-416Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
microsoftCWE-269Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
microsoftRCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
zephyrprojectCWE-787Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
zephyrprojectCWE-191Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
zephyrprojectCWE-191CWE-680Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
froxlorCWE-89IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sens...
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.
ibmCWE-326An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_C...
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
os4edCWE-89SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit m...
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.
sapCWE-611Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 P...
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
sapCWE-94SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to...
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
sap
7.8 HIGH
9.8 CRITICALWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.