QSearch
CVE Watch

Every published CVE, mapped to engagement reality.

Crawled from cve.org every day. Each entry is annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS to pipe entries into your SIEM, or get the weekly digest by email.

Tracking 12096 CVEs | Updated daily | Latest entry 2026-06-26
  • CVE-2021-39613 | 9.8 CRITICAL | 2021-08-23

    D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

    dlink | CWE-798
  • CVE-2021-39608 | 7.2 HIGH | 2021-08-23

    Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary php code.

    flatcore | CWE-434
  • CVE-2021-39158 | 8.8 HIGH | 2021-08-23

    NVCaffe's python required dependencies list used to contain `gfortran` version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.

    nvidia | CWE-345
  • CVE-2021-39152 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.

    debian, fedoraproject, netapp | CWE-502, CWE-918
  • CVE-2021-39150 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.

    debian, fedoraproject, netapp | CWE-502, CWE-918
  • CVE-2021-39154 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39153 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39151 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39149 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39148 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39147 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39146 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39145 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39144 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-306, CWE-502
  • CVE-2021-39141 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-39139 | 8.5 HIGH | 2021-08-23

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

    debian, fedoraproject, netapp | CWE-434, CWE-502
  • CVE-2021-3694 | 8.2 HIGH | 2021-08-23

    LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

    debian, ledgersmb | CWE-79
  • CVE-2021-3693 | 8.8 HIGH | 2021-08-23

    LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

    debian, ledgersmb | CWE-79
  • CVE-2021-39291 | 8.8 HIGH | 2021-08-23

    Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

    netmodule | CWE-532
  • CVE-2021-39290 | 9.8 CRITICAL | 2021-08-23

    Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

    netmodule | CWE-384

Weekly digest

Get the curated CVE digest every Monday

One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.

Pipe the CVE feed into your stack.

CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.