Lucene search
K

177 matches found

CVE
CVE
added yesterday11 views

CVE-2026-13053

WatchGuard Fireware OS has an authenticated out-of-bounds write vulnerability in the CLI command handler (CVE-2026-13053). A privileged, authenticated attacker could trigger code execution via a crafted CLI input. Affected versions include Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–...

8.6CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition that leads to a use-after-free in LDAP authentication for Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this to execute arbitrary code in the iked process on Fireboxes configured to use an external LDAP authentication ...

9.2CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-13377

WatchGuard Fireware OS SIP Proxy module is affected by a Stored XSS via improper input neutralization during web page generation. The vulnerability affects Fireware OS versions 12.0–12.12, 12.5–12.5.18, and 2025.1–2026.2. Root cause: improper sanitization in the SIP Proxy configuration web interf...

4.8CVSS5.7AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-13374

CVE-2026-13374 is a stored XSS vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module). It affects Fireware OS versions 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. The issue stems from improper neutralization of input during web page generation, allowing stored cross-...

4.8CVSS5.7AI score
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-13374 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

4.8CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-13373

WatchGuard Fireware OS Tigerpaw Technology Integration module is affected by CVE-2026-13373, exposing a Stored Cross-Site Scripting (XSS) vulnerability. The issue arises from improper neutralization of input during web page generation, enabling stored XSS in affected Fireware versions: 12.4–12.12...

4.8CVSS5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.5 views

CVE-2026-3987

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

8.6CVSS6.2AI score0.00588EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 12:31 a.m.8 views

EUVD-2026-18090

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

8.6CVSS6.2AI score0.00588EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 10:16 p.m.8 views

CVE-2026-3987

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

8.6CVSS0.00588EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 9:32 p.m.15 views

CVE-2026-3987

CVE-2026-3987 describes a path traversal vulnerability in the Fireware OS Web UI of WatchGuard Firebox systems. A privileged, authenticated remote attacker could trigger arbitrary code execution within an elevated system process. Affected are Fireware OS versions 12.6.1 through 12.11.8 and 2025.1...

8.6CVSS6.2AI score0.00588EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 9:32 p.m.1 views

CVE-2026-3987 WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

8.6CVSS6.2AI score0.00588EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 9:32 p.m.6 views

CVE-2026-3987

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

8.6CVSS6.2AI score0.00588EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/01 9:32 p.m.19 views

CVE-2026-3987 WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

8.6CVSS0.00588EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.11 views

PT-2026-29637

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

8.6CVSS6.2AI score0.00588EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/03/11 12:0 a.m.200 views

📄 WatchGuard Firebox Default SSH Credentials

This is a python script to detect whether or not WatchGuard Firebox devices allow unauthorized access via default credentials admin:readwrite on port 4118. =============================================================================================================================================...

6AI score0.00043EPSS
Exploits3
CVE
CVE
added 2026/01/30 1:2 p.m.33 views

CVE-2026-1498

WatchGuard Fireware OS is affected by CVE-2026-1498 via LDAP Injection. A remote unauthenticated attacker can retrieve information from a connected LDAP authentication server through an exposed authentication or management web interface, and may authenticate as an LDAP user if they have that user...

7CVSS5.9AI score0.0068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.10 views

CVE-2022-23176

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2U1, 12.x before 12.1.3U3, and 12.2.x through 12.5.x before...

9CVSS6.9AI score0.13318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.7 views

CVE-2022-31791

WatchGuard Firebox and XTM appliances allow a local attacker that has already obtained shell access to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

7.8CVSS7AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.8 views

CVE-2022-31789

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

9.8CVSS8.4AI score0.01461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.9 views

CVE-2022-31792

A stored cross-site scripting XSS vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...

5.4CVSS5.8AI score0.00484EPSS
Exploits0References1
Rows per page
Query Builder