CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
prism is vulnerable to Inefficient Regular Expression Complexity
prism is vulnerable to Inefficient Regular Expression Complexity
prismjsCWE-1333hestiacp is vulnerable to Use of Wrong Operator in String Comparison
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
hestiacpCWE-597PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the ...
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
pdftronCWE-79In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by trigg...
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots.
riot-osCWE-330Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
microsoftMicrosoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
microsoftCWE-79yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
yourlsCWE-79yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
yourlsCWE-79peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
framasoftCWE-79Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Edge (Chromium-based) Tampering Vulnerability
microsoftMicrosoft Office Graphics Component Information Disclosure Vulnerability
Microsoft Office Graphics Component Information Disclosure Vulnerability
microsoftOpen Management Infrastructure Remote Code Execution Vulnerability
Open Management Infrastructure Remote Code Execution Vulnerability
microsoftWindows Storage Information Disclosure Vulnerability
Windows Storage Information Disclosure Vulnerability
microsoftWindows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
microsoftWindows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
microsoftBitLocker Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
microsoftWindows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
microsoftWindows Key Storage Provider Security Feature Bypass Vulnerability
Windows Key Storage Provider Security Feature Bypass Vulnerability
microsoftCWE-639libmobi is vulnerable to Out-of-bounds Write
libmobi is vulnerable to Out-of-bounds Write
libmobi_projectCWE-787Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activate...
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
beegoCWE-79
6.5 MEDIUM
9.8 CRITICALWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.