Vulnerability fixed in WatchGuard Firebox

A vulnerability has been fixed in WatchGuard Fireware OS. A vulnerability has been fixed in WatchGuard Fireware OS. The vulnerability CVE-2025-14733 involves an out-of-bounds write in the iked process of Fireware OS and affects both the Mobile User VPN IKEv2 and the Branch Office VPN IKEv2 when...

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...

CVE-2025-14733

WatchGuard Fireware OS is affected by CVE-2025-14733 (Out-of-bounds Write in the iked process) that enables remote unauthenticated code execution when Mobile User VPN (IKEv2) or Branch Office VPN (IKEv2) is configured with a dynamic gateway peer. Affected versions include Fireware OS 11.10.2–11.1...

WatchGuard Firebox OS 11.x / 12.x < 12.3.1_Update4 12.4.x < 12.5.15 / 12.6.x < 12.11.6 / 2025.x < 2025.1.4 Out of Bounds Write (CVE-2025-14733)

According to its self-reported version, the instance of WatchGuard Firebox OS running on the remote host is 11.x, 12.x prior to version 12.3.1Update4, 12.4.x prior to 12.5.15, 12.6.x prior to 12.11.6, or 2025.x prior to 2025.1.4. It is, therefore, affected by an out of bounds write vulnerability:...

VulnCheck KEV: CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...

PT-2025-52395

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.10.2 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.11.5 WatchGuard Fireware OS versions 2025.1 through 2025.1.3 Description An out-of-bounds write vulnerability exists in the iked...

CVE-2025-11838

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service DoS condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware O...

CVE-2025-11838 WatchGuard Firebox iked Memory Corruption Vulnerability

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service DoS condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware O...

CVE-2025-11838

CVE-2025-11838 involves a memory corruption vulnerability in WatchGuard Fireware OS that can trigger a DoS in Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. Affected software ranges are Fireware OS 12.6.1–12.11.4 and 2025.1–2025.1.2. The ...

CVE-2025-11838 WatchGuard Firebox iked Memory Corruption Vulnerability

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service DoS condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware O...

PT-2025-49158

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.0 through 12.11.4 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 Description A memory corruption issue exists in WatchGuard Fireware OS. An unauthenticated attacker can potentially cause a Denial of...

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-35060 Newforma Info Exchange (NIX) stored XSS via SVG file upload

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

EUVD-2010-4655

Malware in sbrugna...

Malicious code in mobile-user-info (npm)

The package mobile-user-info was found to contain malicious code...

MAL-2025-26556 Malicious code in mobile-user-info (npm)

The package mobile-user-info was found to contain malicious code...

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App PWA scam. "While the payload itself is nothing new yet another adult gambling scam, the delivery method...

Halve the size of images by optimising for high density displays

A long time ago we had monitors of varying resolutions, but once we started to go beyond 1024x768, screens started to get bigger as resolution got bigger. Then full-colour web-capable mobile phones arrived, but the story was the same. They had small screens, but also small resolutions. Then in 20...

CVE-2020-10643

An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component...