57 matches found
EUVD-2026-18090
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...
CVE-2026-3987 WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...
CVE-2026-3987
CVE-2026-3987 describes a path traversal vulnerability in the Fireware OS Web UI of WatchGuard Firebox systems. A privileged, authenticated remote attacker could trigger arbitrary code execution within an elevated system process. Affected are Fireware OS versions 12.6.1 through 12.11.8 and 2025.1...
PT-2026-29637
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...
EUVD-2026-17081
A Cross-Site Request Forgery CSRF vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service DoS condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11....
CVE-2026-4266
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...
CVE-2026-3342
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4Update1, 12.0 up to and...
CVE-2026-3343
A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...
EUVD-2026-9288
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4Update1, 12.0 up to and...
CVE-2026-21665
The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...
CVE-2026-21665
The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...
CVE-2026-21665
The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...
CVE-2026-21665
The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...
PT-2026-21572
Name of the Vulnerable Software and Affected Versions Fiserv Originate Loans Peripherals version 2021.2.4 build 4.7.3155.0011 Description The Print Service component of Fiserv Originate Loans Peripherals utilizes deprecated .NET Remoting TCP channels that permit unsafe deserialization of untruste...
Server-side Request Forgery (SSRF)
Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper restrictions on user-supplied URLs when fetching data. An attacker can access internal resources, extract sensitive authentication data...
CVE-2025-14733 WatchGuard Firebox iked Out of Bounds Write Vulnerability
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...
PT-2025-52395
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.10.2 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.11.5 WatchGuard Fireware OS versions 2025.1 through 2025.1.3 Description An out-of-bounds write vulnerability exists in the iked...
CVE-2025-12026
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including...
CVE-2025-12196
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up ...
CVE-2025-13940
An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...