Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-13768 — Gardyn IoT Hub Use of Hard-coded Credentials

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Ho…

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13053 — WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Command Handler

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability af…

fireware_os | Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13050 — WatchGuard Firebox networkd Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Manageme…

fireware_os | Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13054 — WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability …

fireware_os | Remote | Path Traversal
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.3 HIGH
CVE-2026-13079 — WatchGuard Mobile VPN with SSL Windows Client Local Privilege Escalation

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where th…

fireware_os | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.7 HIGH
CVE-2026-8247 — WatchGuard Firebox admd Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability affects Firewa…

fireware_os | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
5.9 MEDIUM
CVE-2026-13728 — WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential…

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware …

fireware_os | Remote | Cryptography
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.7 HIGH
CVE-2026-13084 — Null Pointer Dereference in WatchGuard Fireware OS iked Process

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 message…

fireware_os | Remote | Denial of Service
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.2 CRITICAL
CVE-2026-13368 — WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authen…

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit t…

fireware_os | Remote | Race Condition
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13722 — WatchGuard Firebox Firmware Image Validation Bypass in WatchGuard Fireware OS

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a …

fireware_os | Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13384 — WatchGuard Firebox wgagent Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Managemen…

fireware_os | Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13383 — WatchGuard Firebox ikestubd Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Manageme…

fireware_os | Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13377 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configura…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additi…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13376 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an addi…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13375 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vu…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13374 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technol…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13373 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This vu…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.9 MEDIUM
CVE-2026-13371 — WatchGuard Firebox Management Web UI Denial of Service via Unsafe Deserialization

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deseria…

fireware_os | Remote | Denial of Service
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-54998 — Microsoft Exchange Online Elevation of Privilege Vulnerability

None

Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.3 CRITICAL
CVE-2026-41106 — Microsoft 365 Copilot Elevation of Privilege Vulnerability

None

Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Showing 20 of 7990 Results