
CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry is annotated with the QSearch coverage signal: how many of our agents, skills, and playbooks address the technique. Subscribe via RSS to feed your SIEM pipeline, or get the weekly digest by email.

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors.
synology, CWE-829

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.
synology, CWE-829

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
mbs-solutions, CWE-121

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
mbs-solutions, CWE-121

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
mbs-solutions, CWE-121

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
mbs-solutions, CWE-22

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
mbs-solutions, CWE-20

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
mbs-solutions, CWE-73

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
mbs-solutions, CWE-73

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
mbs-solutions, CWE-73

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
mbs-solutions, CWE-73

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
mbs-solutions, CWE-73

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
cilium, CWE-189, CWE-190

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
CWE-200

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.
CWE-266

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0.
CWE-89

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
abb, CWE-863

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
abb, CWE-79

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
abb, CWE-639

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0.
lfprojects, CWE-201