Lucene search
+L

29 matches found

nvd
nvd
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS0.00646EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/02 11:6 p.m.13 views

CVE-2026-13084

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service DoS condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...

8.7CVSS5.8AI score0.00495EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.12 views

PT-2026-55326

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.10.2 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A null pointer dereference occurs when the software attempts t...

8.7CVSS6AI score0.00495EPSS
Exploits0References9
ncsc
ncsc
added 2025/12/19 11:16 a.m.17 views

Vulnerability fixed in WatchGuard Firebox

A vulnerability has been fixed in WatchGuard Fireware OS. A vulnerability has been fixed in WatchGuard Fireware OS. The vulnerability CVE-2025-14733 involves an out-of-bounds write in the iked process of Fireware OS and affects both the Mobile User VPN IKEv2 and the Branch Office VPN IKEv2 when...

9.8CVSS7.6AI score0.18047EPSS
Exploits1References1
nvd
nvd
added 2025/12/19 1:16 a.m.15 views

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...

9.8CVSS0.18047EPSS
Exploits1References2
cve
cve
added 2025/12/19 12:1 a.m.389 views

CVE-2025-14733

WatchGuard Fireware OS is affected by CVE-2025-14733 (Out-of-bounds Write in the iked process) that enables remote unauthenticated code execution when Mobile User VPN (IKEv2) or Branch Office VPN (IKEv2) is configured with a dynamic gateway peer. Affected versions include Fireware OS 11.10.2–11.1...

9.8CVSS7.3AI score0.18047EPSS
In wildExploits1References2Affected Software1
vulncheck_kev
vulncheck_kev
added 2025/12/19 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...

9.8CVSS6.1AI score0.18047EPSS
In wildExploits1References8
nessus
nessus
added 2025/12/19 12:0 a.m.5 views

WatchGuard Firebox OS 11.x / 12.x < 12.3.1_Update4 12.4.x < 12.5.15 / 12.6.x < 12.11.6 / 2025.x < 2025.1.4 Out of Bounds Write (CVE-2025-14733)

According to its self-reported version, the instance of WatchGuard Firebox OS running on the remote host is 11.x, 12.x prior to version 12.3.1Update4, 12.4.x prior to 12.5.15, 12.6.x prior to 12.11.6, or 2025.x prior to 2025.1.4. It is, therefore, affected by an out of bounds write vulnerability:...

9.8CVSS6.6AI score0.18047EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/12/18 12:0 a.m.7 views

PT-2025-52395

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.10.2 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.11.5 WatchGuard Fireware OS versions 2025.1 through 2025.1.3 Description An out-of-bounds write vulnerability exists in the iked...

10CVSS8AI score0.18047EPSS
Exploits1References122
osv
osv
added 2025/12/04 10:15 p.m.6 views

CVE-2025-11838

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service DoS condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware O...

7.5CVSS5.7AI score0.00431EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/04 9:48 p.m.3 views

CVE-2025-11838 WatchGuard Firebox iked Memory Corruption Vulnerability

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service DoS condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware O...

8.7CVSS7.6AI score0.00431EPSS
Exploits0References1
cve
cve
added 2025/12/04 9:48 p.m.14 views

CVE-2025-11838

CVE-2025-11838 involves a memory corruption vulnerability in WatchGuard Fireware OS that can trigger a DoS in Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. Affected software ranges are Fireware OS 12.6.1–12.11.4 and 2025.1–2025.1.2. The ...

8.7CVSS7.6AI score0.00431EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/12/04 9:48 p.m.31 views

CVE-2025-11838 WatchGuard Firebox iked Memory Corruption Vulnerability

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service DoS condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware O...

8.7CVSS0.00431EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/04 12:0 a.m.5 views

PT-2025-49158

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.0 through 12.11.4 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 Description A memory corruption issue exists in WatchGuard Fireware OS. An unauthenticated attacker can potentially cause a Denial of...

8.7CVSS6.8AI score0.00431EPSS
Exploits0References8
redhatcve
redhatcve
added 2025/10/10 8:22 p.m.4 views

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

5.5CVSS6.8AI score0.00201EPSS
Exploits0References1
nvd
nvd
added 2025/10/09 9:15 p.m.6 views

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

5.5CVSS0.00201EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/09 8:22 p.m.8 views

CVE-2025-35060 Newforma Info Exchange (NIX) stored XSS via SVG file upload

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

5.5CVSS0.00201EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-4655

Malware in sbrugna...

5CVSS6.4AI score0.02029EPSS
Exploits0References6
ossf
ossf
added 2025/08/14 6:52 p.m.5 views

Malicious code in mobile-user-info (npm)

The package mobile-user-info was found to contain malicious code...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.4 views

MAL-2025-26556 Malicious code in mobile-user-info (npm)

The package mobile-user-info was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder