CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2026-1498 – WatchGuard Firebox LDAP Injection
https://notcve.org/view.php?id=CVE-2026-1498
30 Jan 2026 — An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase. This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 throug... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 10.0 • EPSS: 40% • CPEs: 4 • EXPL: 0 • CVE-2025-14733 – WatchGuard Firebox Out of Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-14733
19 Dec 2025 — An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3. WatchGuard Fireware OS iked process contains an out of bounds write vulnera... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027 • CWE-787: Out-of-bounds Write •
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-1547 – WatchGuard Firebox Authenticated Stack Overflow in Certificate Request Command
https://notcve.org/view.php?id=CVE-2025-1547
04 Dec 2025 — A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00013 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-6946 – WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration
https://notcve.org/view.php?id=CVE-2025-6946
04 Dec 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-1545 – WatchGuard Firebox XPath Injection Vulnerability in Web CGI
https://notcve.org/view.php?id=CVE-2025-1545
04 Dec 2025 — An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured. This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 8.7 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-11838 – WatchGuard Firebox iked Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-11838
04 Dec 2025 — A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00018 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-13940 – WatchGuard Firebox Boot Time System Integrity Check Bypass
https://notcve.org/view.php?id=CVE-2025-13940
04 Dec 2025 — An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure. This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00026 • CWE-440: Expected Behavior Violation •
CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-13939 – WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller
https://notcve.org/view.php?id=CVE-2025-13939
04 Dec 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS. This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-13938 – WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration
https://notcve.org/view.php?id=CVE-2025-13938
04 Dec 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-13937 – WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration
https://notcve.org/view.php?id=CVE-2025-13937
04 Dec 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
