A vertical stack of five horizontal severity-tier bars rendered with Swiss tabular precision, descending in opacity from a hot volt-lime upper bar through a cooler signal-blue lower bar, evoking vulnerability severity stratification

CVE Watch

Every published CVE, mapped to engagement reality.

Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.

Tracking 12096 CVEsUpdated dailyLatest entry 2026-06-26

Subscribe via RSS Weekly digest by email

CVE-2021-418675.3 MEDIUM2021-10-04
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of...
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.
onionshare
CVE-2021-394865.4 MEDIUM2021-10-04
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
gilacmsCWE-79
CVE-2021-388239.8 CRITICAL2021-10-04
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.
icehrmCWE-613
CVE-2021-388225.4 MEDIUM2021-10-04
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitr...
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
icehrmCWE-79
CVE-2021-415119.8 CRITICAL2021-10-04
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection t...
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.
lodging_reservation_management_system_projectCWE-89
CVE-2021-418786.1 MEDIUM2021-10-04
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attack...
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button.
hkurlCWE-79
CVE-2021-403239.8 CRITICAL2021-10-04
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for templat...
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
cobbler_projectCWE-94
CVE-2021-418613.3 LOW2021-10-04
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability th...
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory.
telegram
CVE-2021-418629.8 CRITICAL2021-10-02
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL)
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).
aviatorscript_projectCWE-74
CVE-2021-381095.5 MEDIUM2021-10-02
Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file
Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file.
corelCWE-125
CVE-2021-381085.5 MEDIUM2021-10-02
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file.
corelCWE-125
CVE-2021-381075.5 MEDIUM2021-10-02
CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file
CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file.
corelCWE-125
CVE-2021-381065.5 MEDIUM2021-10-01
UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file
UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file.
corelCWE-125
CVE-2021-381055.5 MEDIUM2021-10-01
IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file
IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102.
corelCWE-125
CVE-2021-381025.5 MEDIUM2021-10-01
IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file
IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105.
corelCWE-125
CVE-2021-418456.5 MEDIUM2021-10-01
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.
thycoticCWE-89
CVE-2021-381045.5 MEDIUM2021-10-01
IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file
IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file.
corelCWE-125
CVE-2021-414676.1 MEDIUM2021-10-01
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to ...
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
justwriting_projectCWE-79
CVE-2021-414656.1 MEDIUM2021-10-01
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote at...
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
concrete5-legacy_projectCWE-79
CVE-2021-414646.1 MEDIUM2021-10-01
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote atta...
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
concrete5-legacy_projectCWE-79

Weekly digest

Get the curated CVE digest every Monday

One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.

Pipe the CVE feed into your stack.

CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.

RSS feed Atom feed JSON feed