A vertical stack of five horizontal severity-tier bars rendered with Swiss tabular precision, descending in opacity from a hot volt-lime upper bar through a cooler signal-blue lower bar, evoking vulnerability severity stratification

CVE Watch

Every published CVE, mapped to engagement reality.

Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.

Tracking 9438 CVEsUpdated dailyLatest entry 2026-06-15

Subscribe via RSS Weekly digest by email

CVE-2026-331135.4 MEDIUM2026-06-09
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized ...
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
microsoftCWE-79
CVE-2026-321938.8 HIGH2026-06-09
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized...
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
CWE-22
CVE-2026-283014.8 MEDIUM2026-06-09
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.
CWE-601
CVE-2026-261429.8 CRITICAL2026-06-09
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
CWE-502
CVE-2026-241817.3 HIGH2026-06-09
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
CWE-129
CVE-2026-241807.3 HIGH2026-06-09
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
CWE-122
CVE-2026-229267.8 HIGH2026-06-09
Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability
Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.
CWE-22
CVE-2026-04202026-06-09
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an atta...
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
CWE-325
CVE-2026-04192026-06-09
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to...
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are planned. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
CWE-20
CVE-2026-04182026-06-09
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper ...
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
CWE-15
CVE-2026-04172026-06-09
Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local netw...
Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
CWE-20
CVE-2026-04162026-06-09
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with loca...
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.
CWE-20
CVE-2026-04152026-06-09
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local netwo...
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
CWE-20
CVE-2026-04142026-06-09
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local netwo...
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
CWE-94
CVE-2026-04132026-06-09
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators con...
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
CWE-121
CVE-2026-04122026-06-09
Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows admi...
Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
CWE-20
CVE-2026-04112026-06-09
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network ...
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue.
CWE-200
CVE-2026-04102026-06-09
Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to rout...
Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.
CWE-20
CVE-2026-04092026-06-09
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Intern...
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.
CWE-119
CVE-2026-80452026-06-09
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side...
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints.
CWE-611

Weekly digest

Get the curated CVE digest every Monday

One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.

Pipe the CVE feed into your stack.

CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.

RSS feed Atom feed JSON feed