
CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
lobster-worldCWE-611Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
4dCWE-611VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid ...
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download_xml.pl, download.pl, downloadmib.pl, or downloadFile.pl with directory traversal payloads to read sensitive system files like /etc/passwd.
CWE-22Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers ...
Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.
CWE-120Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Techn...
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0.
CWE-78Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute P...
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2.
CWE-59Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technolog...
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.
CWE-266CWE-269Local privilege escalation due to improper input validation
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
CWE-123Local privilege escalation due to improper input validation
Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.
CWE-787Local privilege escalation due to DLL hijacking vulnerability
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212.
CWE-427Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Par...
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4.
CWE-93OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable co...
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.
openclawCWE-863OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates...
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations.
openclawCWE-863Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0
Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, gaining access to sensitive information
netmakerCWE-347An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
ciscoCWE-306CWE-862An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authentic...
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.
agilonhealthCWE-285Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselve...
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the attacker to achieve user-level remote code execution on the affected client.
draugiemgroupCWE-295CWE-296KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application san...
KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or executable; however, the intended behavior is to block the attempted action, not present a consent prompt.)
CWE-669OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface
OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.
CWE-829An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cau...
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.
pimcoreCWE-79
Weekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.