CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
zohocorpCWE-611An issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
zammadCWE-918An issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
zammadCWE-502An issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
zammadCWE-79An issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
zammadAn issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
zammadCWE-79An issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
zammadCWE-835An issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
zammadCWE-77An issue was discovered in Zammad before 4.1.1
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
zammadCWE-79Extensible Service Proxy, a.k.a
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use it to do authorization. But if there are two "X-Endpoint-API-UserInfo" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the "X-Endpoint-API-UserInfo" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag ":1", needs to re-start the container to pick up the new version. The tag ":1" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. ":1.57". You need to update it to ":1.58" and re-start the container. There are no workaround for this issue.
googleCWE-290In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-b...
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
visual-toolsCWE-78It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
apachefedoraprojectnetappCWE-22Apache OpenOffice has a dependency on expat software
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.
apacheCWE-611Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
articaCWE-79Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash sto...
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
articaCWE-697HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of ...
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
hashicorpIntegria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
articaCWE-434The Unicorn framework through 0.35.3 for Django allows XSS via component.name
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
django-unicornCWE-79An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.
mediawikiCWE-79An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query.
mediawikiCWE-79
9.8 CRITICAL
6.1 MEDIUMWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.