
CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry is annotated with the QSearch coverage signal: how many of our agents, skills, and playbooks address the technique. Subscribe via RSS to pipe entries into your SIEM, or get the weekly digest by email.
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
adobe, debian, CWE-476

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent `pallet-evm` execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are of main concern, although they are limited by Substrate block size limits and other factors. The issue is patched in commit `146bb48849e5393004be5c88beefe76fdf009aba`.
parity, CWE-20

Intune Management Extension Security Feature Bypass Vulnerability
microsoft

Active Directory Federation Server Spoofing Vulnerability
microsoft

.NET Core and Visual Studio Information Disclosure Vulnerability
microsoft

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
microsoft, CWE-79

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
microsoft

Microsoft Exchange Server Spoofing Vulnerability
microsoft

Console Window Host Security Feature Bypass Vulnerability
microsoft

Windows Fast FAT File System Driver Information Disclosure Vulnerability
microsoft

Windows MSHTML Platform Remote Code Execution Vulnerability
microsoft

Microsoft DWM Core Library Elevation of Privilege Vulnerability
microsoft, CWE-269

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
microsoft

Active Directory Security Feature Bypass Vulnerability
microsoft

Windows Kernel Information Disclosure Vulnerability
microsoft

Windows Print Spooler Information Disclosure Vulnerability
microsoft

Microsoft SharePoint Server Information Disclosure Vulnerability
microsoft

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
microsoft

Microsoft Excel Information Disclosure Vulnerability
microsoft

Windows Bind Filter Driver Information Disclosure Vulnerability
microsoft

Weekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.