Lucene search
+L

223 matches found

Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.5 views

PT-2025-38127

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.10.2 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.11.3 WatchGuard Fireware OS version 2025.1 Description An out-of-bounds write vulnerability exists in WatchGuard Fireware OS,...

10CVSS8.2AI score0.8637EPSS
Exploits2References156
NVD
NVD
added 2025/09/15 10:15 p.m.4 views

CVE-2025-6999

An HTTP Request Smuggling CWE-444 vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting XSS attack.This issue affects Fireware OS: from 12.0 through 12.11.2...

6.9CVSS0.0052EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.8 views

PT-2025-37770

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.0 through 12.11.2 Description A Stored Cross-site Scripting XSS issue exists within the SIP Proxy module of WatchGuard Fireware OS. Exploitation requires an authenticated administrator session to a locally...

4.8CVSS5.9AI score0.00341EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.3 views

WatchGuard Fireware OS 安全漏洞

WatchGuard Fireware OS is a software from WatchGuard USA that runs on Firebox. A security vulnerability exists in WatchGuard Fireware OS versions 12.0 through 12.11.2, which stems from the presence of HTTP request entrapment techniques in the authentication portal, which could lead to a reflectiv...

6.9CVSS6.2AI score0.0052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.5 views

PT-2025-37771

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.2 Description: An HTTP Request Smuggling vulnerability exists in the Authentication portal of WatchGuard Fireware OS, allowing a remote attacker to evade request parameter sanitation and...

6.9CVSS6.1AI score0.0052EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:9 p.m.8 views

CVE-2020-10532

The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI...

7.5CVSS7AI score0.02762EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:40 a.m.9 views

CVE-2017-8056

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity XXE, in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...

5.3CVSS6.7AI score0.05076EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:22 a.m.10 views

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

5.3CVSS7AI score0.01591EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/18 8:58 p.m.24 views

CVE-2025-4804

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...

4.8CVSS5.5AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/18 8:58 p.m.24 views

CVE-2025-4805

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through...

4.8CVSS6.5AI score0.0036EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 9:15 p.m.13 views

CVE-2025-4804

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...

4.8CVSS0.0036EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 9:15 p.m.13 views

CVE-2025-4805

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through...

4.8CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2025/05/16 8:13 p.m.33 views

CVE-2025-4805

CVE-2025-4805 describes a stored XSS vulnerability in WatchGuard Fireware OS (Firebox). The issue arises from improper input neutralization during web page generation, allowing stored XSS when an authenticated administrator session to a locally managed Firebox is present. Affected versions are Fi...

4.8CVSS6.2AI score0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.5 views

PT-2025-21757

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.1.1 is incorrect, the correct range is: WatchGuard Fireware OS versions 12.0 through 12.11.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, als...

4.8CVSS5.1AI score0.0036EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.6 views

WatchGuard Fireware OS 跨站脚本漏洞

WatchGuard Fireware OS is a software from WatchGuard, Inc. that runs on Firebox. A cross-site scripting vulnerability exists in WatchGuard Fireware OS versions 12.0 through 12.11.1, which stems from improper input neutralization and could lead to stored cross-site scripting...

4.8CVSS5.8AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.5 views

PT-2025-21756 · Watchguard · Watchguard Fireware

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.1.1 is incorrect, the correct range is: WatchGuard Fireware OS versions 12.0 through 12.11.1 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation,...

4.8CVSS4.8AI score0.0036EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.5 views

WatchGuard Fireware OS 跨站脚本漏洞

WatchGuard Fireware OS is a software from WatchGuard USA that runs on Firebox. A cross-site scripting vulnerability exists in WatchGuard Fireware OS versions 12.0 through 12.11.1, which stems from improper input neutralization in the spamBlocker module and could lead to stored cross-site scriptin...

4.8CVSS5.8AI score0.0036EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/16 2:19 p.m.6 views

CVE-2025-1239

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Firewa...

4.8CVSS5.4AI score0.00422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/16 2:18 p.m.10 views

CVE-2025-0178

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...

5.1CVSS6.7AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2025/02/14 2:15 p.m.12 views

CVE-2025-1239

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Firewa...

4.8CVSS0.00422EPSS
Exploits0References1
Rows per page
Query Builder