CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-6788 – Uncontrolled search path in PluginLauncher allows SYSTEM code execution in WatchGuard Agent
https://notcve.org/view.php?id=CVE-2026-6788
06 May 2026 — Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. • https://www.watchguard.com/wgrd-psirt/advisory/WGSA-2026-00013 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-6787 – Usage of a hard-coded cryptographic key in WatchGuard Agent allows inclusion of code into existing process
https://notcve.org/view.php?id=CVE-2026-6787
06 May 2026 — Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. • https://www.watchguard.com/wgrd-psirt/advisory/WGSA-2026-00013 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2026-41286 – Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant B
https://notcve.org/view.php?id=CVE-2026-41286
06 May 2026 — Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00011 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2026-41288 – WatchGuard Agent on Windows Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2026-41288
06 May 2026 — Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM. • https://www.watchguard.com/wgrd-psirt/advisory/WGSA-2026-00011 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2026-41287 – Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant A
https://notcve.org/view.php?id=CVE-2026-41287
06 May 2026 — Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00010 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2782 – WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
https://notcve.org/view.php?id=CVE-2025-2782
28 Mar 2025 — The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-3943 – Panda Endpoint Administration Agent < 7.50.00 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-3943
07 Apr 2016 — Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. Desbordamiento de buffer en la función AStreamPeekStream en input/stream.c en VideoLAN VLC media player en versiones anteriores a 2.2.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo wav ... • https://www.exploit-db.com/exploits/39671 • CWE-276: Incorrect Default Permissions •