Lucene search
K

36 matches found

EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-41458

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-13728

WatchGuard Fireware OS on a FireCluster is affected by CVE-2026-13728. Affected versions include Fireware OS 12.1 through 12.12, and 2025.1 through 2026.2. In exception circumstances, an embedded encryption key is used to encrypt saved credentials for Access Portal resources, which constitutes th...

5.9CVSS5.7AI score
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECT24 is an interna...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
CheckPoint Security
CheckPoint Security
added 2026/05/23 12:0 a.m.28 views

CVE-2026-48135 - HTTP service can incorrectly process malformed HTTP requests

Cause An input-handling issue in the HTTP request processing path. Symptoms - A Check Point HTTP-based service, such as Mobile Access Portal or Identity Awareness Portals except for Captive Portal, can incorrectly handle malformed HTTP requests. Gaia Portal is not affected by this issue. - The...

5.3CVSS5.6AI score0.02607EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/04 1:47 p.m.8 views

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.8AI score0.00397EPSS
Exploits0References6
CVE
CVE
added 2026/03/30 12:38 p.m.16 views

CVE-2026-4266

CVE-2026-4266 describes an insecure deserialization in WatchGuard Fireware OS. Affects Fireware OS versions 12.1–12.11.8 and 2025.1–2026.1.2; Firebox platforms without Access Portal (e.g., T-15, T-35) are not affected. The vulnerability allows an attacker who has obtained write access to the loca...

8.4CVSS6.2AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 12:38 p.m.3 views

CVE-2026-4266 WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...

8.4CVSS6.2AI score0.00286EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29022

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...

8.4CVSS6.2AI score0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-17289

Malware in sbrugna...

7.2CVSS7AI score0.27466EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54849

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00424EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/08 3:18 p.m.17 views

CVE-2024-52885

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user authorized to at least one File Share application to list the file names of 'nobody'-accessible directories on the Mobile Access gateway...

5.4CVSS6.3AI score0.00424EPSS
Exploits0References1
NVD
NVD
added 2025/08/06 3:15 p.m.6 views

CVE-2024-52885

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user authorized to at least one File Share application to list the file names of 'nobody'-accessible directories on the Mobile Access gateway...

5.4CVSS0.00424EPSS
Exploits0References1
CVE
CVE
added 2025/08/06 2:45 p.m.27 views

CVE-2024-52885

CVE-2024-52885 affects the Mobile Access Portal File Share component (Check Point Mobile Access). A directory traversal flaw allows an authenticated user (authorized to at least one File Share app) to enumerate file names in directories accessible to the nobody user on the Mobile Access gateway. ...

5.4CVSS6.4AI score0.00424EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/08/06 2:45 p.m.12 views

CVE-2024-52885 Path Traversal

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user authorized to at least one File Share application to list the file names of 'nobody'-accessible directories on the Mobile Access gateway...

5CVSS0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.6 views

PT-2025-32174 · Unknown · Mobile Access Portal File Share

Name of the Vulnerable Software and Affected Versions: Mobile Access Portal File Share application affected versions not specified Description: The Mobile Access Portal's File Share application is susceptible to a directory traversal attack. An authenticated, malicious end-user with authorization...

5CVSS6.2AI score0.00424EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.6 views

CVE-2021-30358

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...

7.2CVSS6.9AI score0.27466EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/16 8:13 p.m.10 views

CVE-2025-4805 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Acces Portal Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through...

4.8CVSS6.8AI score0.0036EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/10/24 5:16 a.m.4 views

AWS VDP: Session Timeout Does Not Enforce Re-Authentication on AWS Access Portal

NOTE! Thanks for submitting a report to Amazon Web Services! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: AWS SSO...

6.9AI score
Exploits0
NVD
NVD
added 2021/10/19 2:15 p.m.17 views

CVE-2021-30358

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...

7.2CVSS0.27466EPSS
Exploits0References2
OSV
OSV
added 2021/10/19 2:15 p.m.4 views

CVE-2021-30358

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...

7.2CVSS5.8AI score0.27466EPSS
Exploits0References2
Rows per page
Query Builder