CVE Watch
Every published CVE, mapped to engagement reality.
Crawled from cve.org every day. Each entry annotated with the QSearch coverage signal — how many of our agents, skills, and playbooks address the technique. Subscribe via RSS for SIEM pipe, or get the weekly digest by email.
Memory corruption while using Strongbox due to buffer overflow
Memory corruption while using Strongbox due to buffer overflow.
qualcommCWE-120Memory corruption while using Strongbox due to missing bounds check
Memory corruption while using Strongbox due to missing bounds check.
qualcommCWE-129Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
qualcommCWE-367Memory corruption while processing multiple IOCTL command for escape operations
Memory corruption while processing multiple IOCTL command for escape operations.
qualcommCWE-787Memory corruption while processing IOCTL calls for escape operations
Memory corruption while processing IOCTL calls for escape operations.
qualcommCWE-125Kiteworks is a private data network (PDN)
Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global configuration parameters. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
accellionCWE-89Kiteworks is a private data network (PDN)
Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
accellionCWE-639Kiteworks is a private data network (PDN)
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
accellionCWE-79Memory Corruption when processing fastboot commands to set display mode
Memory Corruption when processing fastboot commands to set display mode.
qualcommCWE-1286Memory corruption while processing fastboot commands with improperly formatted input
Memory corruption while processing fastboot commands with improperly formatted input.
qualcommCWE-1286Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow
Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
qualcommCWE-306Memory corruption while processing fastboot commands with invalid input
Memory corruption while processing fastboot commands with invalid input.
qualcommCWE-1286Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader
Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
qualcommCWE-306Memory corruption while processing fastboot OEM commands
Memory corruption while processing fastboot OEM commands.
qualcommCWE-1286Memory Corruption when processing display command line information due to improper initialization of a variable
Memory Corruption when processing display command line information due to improper initialization of a variable.
qualcommCWE-121A security vulnerability has been detected in SGLang 0.5.10.post1
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
CWE-617A weakness has been identified in code-projects Online Hospital Management System 1.0
A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CWE-99A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CWE-404CWE-476A vulnerability was found in SourceCodester Customer Review App 1.0
A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach. The exploit has been made public and could be used.
CWE-404Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
qualcommCWE-476
8.8 HIGH
3.7 LOWWeekly digest
Get the curated CVE digest every Monday
One email a week, sent Monday morning CET. The CVEs published or modified in the last seven days, severity-ordered, with the QSearch coverage signal. Unsubscribe with one click — included in every send.
Pipe the CVE feed into your stack.
CVE Watch publishes RSS, Atom, and JSON feeds — wire them into your SIEM, Slack, Discord, or your RSS reader of choice. Or get the curated weekly digest by email.