A vertical stack of five horizontal severity-tier bars rendered with Swiss tabular precision, descending in opacity from a hot volt-lime upper bar through a cooler signal-blue lower bar, evoking vulnerability severity stratification

CVE Watch

Every published CVE, mapped to engagement reality.

Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.

Tracking 9405 CVEsUpdated dailyLatest entry 2026-06-14

Subscribe via RSS Weekly digest by email

CVE-2024-59609.8 CRITICAL2024-09-18
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials. This issue affects Panel: before v2.3.24.
elizsoftwareCWE-256
CVE-2024-71049.8 CRITICAL2024-09-16
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2.
sfsCWE-94
CVE-2024-70989.8 CRITICAL2024-09-16
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2.
sfsCWE-611
CVE-2024-64019.8 CRITICAL2024-09-16
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQ...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2.
sfsCWE-89
CVE-2024-66569.8 CRITICAL2024-09-13
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13.
tnbmobilCWE-798
CVE-2024-70159.8 CRITICAL2024-09-09
Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse
Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2.
profelisCWE-306
CVE-2024-451599.8 CRITICAL2024-09-05
An issue was discovered in Mbed TLS 3.x before 3.6.1
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).
trustedfirmwareCWE-295
CVE-2024-451589.8 CRITICAL2024-09-05
An issue was discovered in Mbed TLS 3.6 before 3.6.1
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)
trustedfirmwareCWE-121
CVE-2024-70789.8 CRITICAL2024-09-04
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consult...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection. This issue affects Semtek Sempos: through 31072024.
semtekyazilimCWE-89
CVE-2024-70769.8 CRITICAL2024-09-04
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consult...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024.
semtekyazilimCWE-89
CVE-2024-42599.8 CRITICAL2024-09-03
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect...
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
sambasCWE-862
CVE-2024-69199.8 CRITICAL2024-09-02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024.
nacCWE-89
CVE-2024-44289.8 CRITICAL2024-08-29
Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal al...
Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024.
menuluxCWE-306CWE-862
CVE-2024-70719.8 CRITICAL2024-08-27
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability ...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0.
brainlowcodeCWE-89
CVE-2024-75939.8 CRITICAL2024-08-13
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticate...
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
ivantiCWE-287CWE-303
CVE-2024-69179.8 CRITICAL2024-08-12
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase O...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2.
veribaseCWE-78
CVE-2024-66999.8 CRITICAL2024-07-30
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1.
mikafonCWE-89
CVE-2024-08579.8 CRITICAL2024-07-18
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue affects FlexWater Corporate Water Management: before 5.452.0.
uni-yazCWE-89
CVE-2024-56199.6 CRITICAL2024-07-18
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Inc...
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Management Console: before 2024.05.1.
CWE-639
CVE-2024-56189.9 CRITICAL2024-07-18
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing...
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1.
CWE-732

Weekly digest

Get the curated CVE digest every Monday

One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.

Pipe the CVE feed into your stack.

CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.

RSS feed Atom feed JSON feed