36 matches found
EUVD-2026-41458
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...
CVE-2026-13728
WatchGuard Fireware OS on a FireCluster is affected by CVE-2026-13728. Affected versions include Fireware OS 12.1 through 12.12, and 2025.1 through 2026.2. In exception circumstances, an embedded encryption key is used to encrypt saved credentials for Access Portal resources, which constitutes th...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECT24 is an interna...
CVE-2026-48135 - HTTP service can incorrectly process malformed HTTP requests
Cause An input-handling issue in the HTTP request processing path. Symptoms - A Check Point HTTP-based service, such as Mobile Access Portal or Identity Awareness Portals except for Captive Portal, can incorrectly handle malformed HTTP requests. Gaia Portal is not affected by this issue. - The...
CVE-2026-6266
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
CVE-2026-4266
CVE-2026-4266 describes an insecure deserialization in WatchGuard Fireware OS. Affects Fireware OS versions 12.1–12.11.8 and 2025.1–2026.1.2; Firebox platforms without Access Portal (e.g., T-15, T-35) are not affected. The vulnerability allows an attacker who has obtained write access to the loca...
CVE-2026-4266 WatchGuard Firebox Insecure Deserialization in Fireware Access Portal
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...
PT-2026-29022
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...
EUVD-2021-17289
Malware in sbrugna...
EUVD-2024-54849
Malicious code in bioql PyPI...
CVE-2024-52885
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user authorized to at least one File Share application to list the file names of 'nobody'-accessible directories on the Mobile Access gateway...
CVE-2024-52885
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user authorized to at least one File Share application to list the file names of 'nobody'-accessible directories on the Mobile Access gateway...
CVE-2024-52885
CVE-2024-52885 affects the Mobile Access Portal File Share component (Check Point Mobile Access). A directory traversal flaw allows an authenticated user (authorized to at least one File Share app) to enumerate file names in directories accessible to the nobody user on the Mobile Access gateway. ...
CVE-2024-52885 Path Traversal
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user authorized to at least one File Share application to list the file names of 'nobody'-accessible directories on the Mobile Access gateway...
PT-2025-32174 · Unknown · Mobile Access Portal File Share
Name of the Vulnerable Software and Affected Versions: Mobile Access Portal File Share application affected versions not specified Description: The Mobile Access Portal's File Share application is susceptible to a directory traversal attack. An authenticated, malicious end-user with authorization...
CVE-2021-30358
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...
CVE-2025-4805 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Acces Portal Configuration
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through...
AWS VDP: Session Timeout Does Not Enforce Re-Authentication on AWS Access Portal
NOTE! Thanks for submitting a report to Amazon Web Services! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: AWS SSO...
CVE-2021-30358
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...
CVE-2021-30358
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...