Lucene search
K

35 matches found

NVD
NVD
added 2026/07/03 12:16 a.m.12 views

CVE-2026-13375

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...

4.8CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 12:16 a.m.9 views

CVE-2026-13376

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13377

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:7 p.m.8 views

CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00134EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:6 p.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS6.2AI score0.00646EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:6 p.m.10 views

CVE-2026-13722

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including...

8.6CVSS5.7AI score0.00232EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:5 p.m.40 views

CVE-2026-13376 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:5 p.m.36 views

CVE-2026-13373 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affects Fireware O...

4.8CVSS0.00158EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55337

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.1 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal...

5.9CVSS5.9AI score0.00134EPSS
Exploits0References7
OSV
OSV
added 2026/03/03 2:15 p.m.7 views

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

4.9CVSS5.7AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/03 1:17 p.m.4 views

CVE-2026-3344 WatchGuard Firebox System Integrity Check Bypass

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 1:17 p.m.6 views

EUVD-2026-9290

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 1:17 p.m.5 views

CVE-2026-3343

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

6.1CVSS5.9AI score0.00196EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/03 1:17 p.m.7 views

EUVD-2026-9289

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

5.1CVSS5.9AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.8 views

PT-2026-22733

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

5.1CVSS5.9AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/05 12:31 a.m.5 views

EUVD-2025-201307

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including...

8.6CVSS7.3AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2025/12/04 10:15 p.m.3 views

CVE-2025-13940

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 10:15 p.m.6 views

CVE-2025-12196

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up ...

8.6CVSS0.0053EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/04 9:47 p.m.26 views

CVE-2025-13939 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Gateway Wireless Controller module allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 u...

4.8CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 9:47 p.m.2 views

CVE-2025-13938 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References1
Rows per page
Query Builder