EUVD-2022-53182
Malicious code in bioql PyPI...
WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability
WatchGuard has issued a critical security alert for its Firebox firewalls due to a serious vulnerability, CVE-2025-9242. Learn what this 'out-of-bounds write' flaw means, which Fireware OS versions are affected, and the urgent steps to take to protect your network from remote attacks...
CVE-2025-6947
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...
CVE-2025-6947 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...
CVE-2025-6947
CVE-2025-6947 affects WatchGuard Fireware OS running on Firebox. The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the SIP Proxy module caused by improper input neutralization during web page generation. Exploitation requires an authenticated administrator session to a locally man...
CVE-2025-6999
CVE-2025-6999 describes an HTTP Request Smuggling (CWE-444) vulnerability in the WatchGuard Fireware OS Authentication portal, affecting Fireware OS versions 12.0–12.11.2. The issue allows a remote attacker to evade request parameter sanitation and perform a reflected self-XSS attack. The vulnera...
CVE-2025-6999 WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability
An HTTP Request Smuggling (CWE-444) vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack. This issue affects Fireware OS: from 12.0 through 12.11.2...
WatchGuard Fireware OS Firebox Security Vulnerability
WatchGuard Fireware OS Firebox is a network security hardware appliance from WatchGuard USA. A security vulnerability exists in WatchGuard Fireware OS Firebox versions 12.0 through 12.11.2, which stems from improper input neutralization in the SIP Proxy module and could lead to a stored cross-sit...
PT-2025-37770
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.2. Description: A Stored Cross-site Scripting (XSS) issue exists within the SIP Proxy module of WatchGuard Fireware OS. Exploitation requires an authenticated administrator session to a locally...
Firebox T15 contains an issue with hidden functionality
Overview: Firebox T15 provided by WatchGuard Technologies contains the following vulnerability. Hidden functionality (CWE-912) - CVE-2025-4106. Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: An attacker may log...
CVE-2022-25361
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2022-25363
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2022-25291
An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2U...
CVE-2022-25293
A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8...
CVE-2022-25360
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2022-25292
A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8...
CVE-2025-4804
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...