
CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
cpanelCWE-362The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
cpanelCWE-502The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
cpanelCWE-611An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.
foxitsoftwareCWE-89An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.
foxitsoftwareAn issue was discovered in Foxit Reader and PhantomPDF before 10.1.4
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.
foxitsoftwareAn issue was discovered in Foxit Reader and PhantomPDF before 10.1.4
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.
foxitsoftwareCWE-427An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
foxitsoftwareCWE-59An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.
foxitsoftwareCWE-674An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.
foxitsoftwareCWE-787An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS
An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204.
foxitfoxitsoftwareCWE-476An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes.
foxitsoftwareCWE-674An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm.
foxitsoftwareAn issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand.
foxitsoftwareCWE-125An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write).
foxitfoxitsoftwareCWE-129The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).
canonCWE-732An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute ar...
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue.
paloaltonetworksCWE-78In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions d...
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
trustedfirmwareCWE-327Certain NETGEAR devices are affected by command injection by an unauthenticated attacker
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
netgearCWE-77Certain NETGEAR devices are affected by command injection by an unauthenticated attacker
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.
netgearCWE-77
Weekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.