CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability in WatchGuard Fireware OS allows bypassing firmware validation when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this to install a tampered firmware image.
An Out-of-bounds Write vulnerability in the wgagent process of WatchGuard Fireware OS allows an authenticated privileged user to execute arbitrary code via specially crafted requests to the Management Web UI. This affects Fireware OS versions 12.1 through 12.12 and 2025.1 through 2026.2.
An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS ikestubd process allows an authenticated privileged user to execute arbitrary code via specially crafted requests to the Management Web UI.
A stored XSS vulnerability in the SIP Proxy module of WatchGuard Fireware OS. Improper input neutralization allows injection of a malicious script that is stored on the server. This is an additional unmitigated attack path for CVE-2025-6947.
A Stored Cross-Site Scripting (XSS) vulnerability was found in the spamBlocker module of WatchGuard Fireware OS due to improper input neutralization during web page generation. This is an additional unmitigated attack vector for CVE-2025-1071.
Stored XSS vulnerability in the Autotask Technology Integration module of WatchGuard Fireware OS. This is an additional unmitigated attack path for CVE-2025-13938.
Stored XSS vulnerability in the ConnectWise Technology Integration module of WatchGuard Fireware OS. This is an additional unmitigated attack vector for CVE-2025-13937.
A Stored Cross-Site Scripting (XSS) vulnerability has been found in the Tigerpaw Technology Integration module of WatchGuard Fireware OS. An attacker can inject malicious JavaScript code into web pages, which will execute in other users' browsers. This is an additional unmitigated attack vector for the previously disclosed CVE-2025-13936.
A vulnerability in the Fireware Management Web UI allows an authenticated administrator to trigger a denial-of-service (DoS) condition by sending crafted data to the put_data endpoint, which performs unsafe deserialization of attacker-supplied input.
A race condition leading to a use-after-free vulnerability in LDAP authentication for Mobile User VPN with IKEv2 in WatchGuard Fireware OS. A remote unauthenticated attacker could exploit this to execute arbitrary code in the context of the iked process on Fireboxes with external LDAP configured.
A null pointer dereference vulnerability in WatchGuard Fireware OS allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This affects both Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and including version 2026.2.
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. Affected versions: Fireware OS 11.0 up to 11.12.4_Update1, 12.0 up to 12.12, and 2025.1 up to 2026.2.
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI allows an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.
An Out-of-bounds Write vulnerability in the networkd process of WatchGuard Fireware OS allows an authenticated privileged user to execute arbitrary code via specially crafted requests to the Management Web UI. This affects Fireware OS versions 11.8 up to 11.12.4_Update1, 12.0 up to 12.12, and 2025.1 up to 2026.2.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
A vulnerability in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network due to incorrect authorization.
A Server-Side Request Forgery (SSRF) vulnerability in Azure OpenAI allows an authorized attacker to escalate privileges over a network.
A URL redirection to untrusted site (open redirect) vulnerability in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
An improper access control vulnerability in Azure Synapse allows an authorized attacker to elevate privileges over a network. The issue affects authorization mechanisms in Microsoft's analytics service.

