Lucene search
K

222 matches found

Cvelist
Cvelist
added 2026/07/02 11:5 p.m.40 views

CVE-2026-13384 WatchGuard Firebox wgagent Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to an...

8.6CVSS0.00546EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:5 p.m.8 views

CVE-2026-13376

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 11:5 p.m.18 views

CVE-2026-13376

CVE-2026-13376 affects WatchGuard Firebox via the Fireware OS spamBlocker module. Vulnerable component: spamBlocker in Fireware OS; vulnerable versions: Fireware OS 12.0–12.12, 12.5–12.5.18, and 2025.1–2026.2. Description: Improper Neutralization of Input During Web Page Generation leading to Sto...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:5 p.m.36 views

CVE-2026-13375 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...

4.8CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:5 p.m.16 views

CVE-2026-13375

WatchGuard Fireware OS Autotask Technology Integration module is affected by CVE-2026-13375, a Stored XSS vulnerability. Affected versions are Fireware OS 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. Attack vector is NETWORK with low attack complexity and high privileges required; user interactio...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:5 p.m.5 views

CVE-2026-13374

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:5 p.m.5 views

CVE-2026-13373

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affects Fireware O...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55334

Name of the Vulnerable Software and Affected Versions Fireware OS versions 12.1 through 12.12 Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write occurs in the ikestubd process, which may allow an authenticated privileged user to execute arbitrary code by sending special...

8.6CVSS6.3AI score0.00546EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55331

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55330

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55332

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55326

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.10.2 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A null pointer dereference occurs when the software attempts t...

8.7CVSS6AI score0.00495EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55323

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the CLI, where an...

8.6CVSS6.3AI score0.00468EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-55324

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A path traversal issue in the Management Web UI allows a privileg...

8.6CVSS6AI score0.00459EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55335

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.1 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the wgagent process. This flaw allows an authenticated privileged user to execute...

8.6CVSS6.3AI score0.00546EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/31 5:0 p.m.7 views

CVE-2026-4315

A Cross-Site Request Forgery CSRF vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service DoS condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11....

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 3:32 p.m.3 views

EUVD-2026-17079

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...

8.4CVSS6.2AI score0.00286EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/30 12:38 p.m.2 views

CVE-2026-4315 WatchGuard Firebox Cross-Site Request Forgery (CSRF) in Fireware Web UI

A Cross-Site Request Forgery CSRF vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service DoS condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11....

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/03/30 12:38 p.m.17 views

CVE-2026-4315

WatchGuard Fireware OS WebUI CSRF leads to DoS when an authenticated admin visits a malicious page. Affected versions are Fireware OS 11.8–11.12.4+541730, 12.0–12.11.8, and 2025.1–2026.1.2. No exploit details or mitigations are provided here; refer to the watchdog advisory (WGSA-2026-00006) for g...

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/30 12:38 p.m.22 views

CVE-2026-4266 WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...

8.4CVSS0.00286EPSS
Exploits0References1
Rows per page
Query Builder