Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,538
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1,801 - 1,820 of 40,151 CVEs
CVE-2026-13383 HIGH - 7.2

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and ...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13377 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to ...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13376 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up t...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13375 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affec...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13374 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue af...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13373 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affec...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKE...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13079 HIGH - 7.8

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and inclu...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13054 HIGH - 7.2

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-13053 HIGH - 7.2

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 11.8 up to and including 11.12.4_Update1, 12.0 up to...

Vendor: WatchGuard
Product: Fireware OS
Published: Jul 03, 2026
Source: NVD
CVE-2026-57100 CRITICAL - 9.9

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: entra_provisioning_service
Published: Jul 02, 2026
Source: NVD
CVE-2026-54998 HIGH - 8.8

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: exchange_online
Published: Jul 02, 2026
Source: NVD
CVE-2026-45499 CRITICAL - 9.9

Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: azure_openai
Published: Jul 02, 2026
Source: NVD
CVE-2026-41106 CRITICAL - 9.3

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: 365_copilot
Published: Jul 02, 2026
Source: NVD
CVE-2026-26145 MEDIUM - 4.8

Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: azure_synapse
Published: Jul 02, 2026
Source: NVD
CVE-2026-50722 HIGH - 8.1

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH ...

Vendor: The Libreswan Project
Product: libreswan
Published: Jul 02, 2026
Source: NVD
CVE-2026-50721 HIGH - 8.1

Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack t...

Vendor: The Libreswan Project
Product: libreswan
Published: Jul 02, 2026
Source: NVD