Lucene search
K

307 matches found

Vulnrichment
Vulnrichment
added 2025/12/04 9:48 p.m.4 views

CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

8.2CVSS6.9AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/04 9:48 p.m.21 views

CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

8.2CVSS0.00417EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:48 p.m.14 views

CVE-2025-1545

CVE-2025-1545 is a WatchGuard Fireware OS XPath Injection affecting Firebox with at least one authentication hotspot configured. The issue allows remote, unauthenticated retrieval of configuration data via an exposed authentication/management web interface. Affected versions: 11.11–11.12.4+541730...

8.2CVSS6.9AI score0.00417EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/04 9:47 p.m.21 views

CVE-2025-13940 WatchGuard Firebox Boot Time System Integrity Check Bypass

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...

6.7CVSS0.00107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 9:47 p.m.2 views

CVE-2025-13940 WatchGuard Firebox Boot Time System Integrity Check Bypass

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...

6.7CVSS6.5AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:47 p.m.11 views

CVE-2025-13940

WatchGuard Fireware OS contains an Expected Behavior Violation (CWE-440) vulnerability (CVE-2025-13940) that could allow bypass of the boot-time system integrity check and prevent Firebox shutdown in the event of a failure. Affected versions are Fireware OS 12.8.1–12.11.4 and 2025.1–2025.1.2. The...

6.7CVSS6.5AI score0.00107EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/04 9:47 p.m.21 views

CVE-2025-13939 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Gateway Wireless Controller module allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 u...

4.8CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:47 p.m.21 views

CVE-2025-13939

WatchGuard Fireware OS (Gateway Wireless Controller module) is affected by CVE-2025-13939: a Stored XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions include Fireware OS 11.7.2 through 11.12.4+541730, 12.0 through 12.11.4, 12.5 through 12.5...

6.1CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/04 9:47 p.m.2 views

CVE-2025-13939 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Gateway Wireless Controller module allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 u...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 9:47 p.m.2 views

CVE-2025-13938 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:47 p.m.14 views

CVE-2025-13937

CVE-2025-13937 describes a Stored XSS in WatchGuard Fireware OS via the ConnectWise Technology Integration module. The vulnerability results from improper neutralization of input during web page generation, affecting Fireware OS versions 12.4–12.11.4, 12.5–12.5.13, and 2025.1–2025.1.2. The impact...

6.1CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/04 9:47 p.m.19 views

CVE-2025-13937 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025...

4.8CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/04 9:45 p.m.22 views

CVE-2025-13936 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

4.8CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:45 p.m.19 views

CVE-2025-13936

The CVE-2025-13936 entry documents a Stored XSS vulnerability in WatchGuard Fireware OS, specifically within the Tigerpaw Technology Integration module. Affected software/versions are Fireware OS 12.4 through 12.11.4, 12.5 through 12.5.13, and 2025.1 through 2025.1.2. The root cause is improper n...

6.1CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/04 9:45 p.m.3 views

CVE-2025-13936 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 9:43 p.m.3 views

CVE-2025-12195 WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includi...

8.6CVSS6.9AI score0.00589EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:43 p.m.15 views

CVE-2025-12195

CVE-2025-12195 describes an out-of-bounds write vulnerability in the WatchGuard Fireware OS CLI. An authenticated privileged user can trigger arbitrary code execution by sending specially crafted IPSec configuration CLI commands. Affected versions span Fireware OS 11.0–11.12.4+541730, 12.0–12.11....

8.6CVSS6.9AI score0.00589EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/04 9:43 p.m.24 views

CVE-2025-12026 WatchGuard Firebox Authenticated Out of Bounds Write in certd

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including...

8.6CVSS0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.5 views

WatchGuard Fireware OS 安全漏洞

WatchGuard Fireware OS is a software from WatchGuard USA that runs on Firebox. A security vulnerability exists in WatchGuard Fireware OS versions 12.11.4 and earlier and 2025.1.2 and earlier, which stems from a memory corruption that could lead to a denial of service attack...

8.7CVSS7.5AI score0.00431EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.6 views

PT-2025-49165

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.11 through 11.12.4+541730 WatchGuard Fireware OS versions 12.0 through 12.11.4 WatchGuard Fireware OS versions 12.5 through 12.5.13 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 Description A remote...

8.2CVSS6.8AI score0.00417EPSS
Exploits0References4
Rows per page
Query Builder