Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.7 HIGH
CVE-2026-13084 — Null Pointer Dereference in WatchGuard Fireware OS iked Process

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 message…

fireware_os | Remote | Denial of Service
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.2 CRITICAL
CVE-2026-13368 — WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authen…

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit t…

fireware_os | Remote | Race Condition
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13722 — WatchGuard Firebox Firmware Image Validation Bypass in WatchGuard Fireware OS

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a …

fireware_os | Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13384 — WatchGuard Firebox wgagent Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Managemen…

fireware_os | Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-13383 — WatchGuard Firebox ikestubd Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Manageme…

fireware_os | Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13377 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configura…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additi…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13376 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an addi…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13375 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vu…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13374 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technol…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-13373 — WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology…

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This vu…

fireware_os | Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.9 MEDIUM
CVE-2026-13371 — WatchGuard Firebox Management Web UI Denial of Service via Unsafe Deserialization

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deseria…

fireware_os | Remote | Denial of Service
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-54998 — Microsoft Exchange Online Elevation of Privilege Vulnerability

None

exchange_online | Remote
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.3 CRITICAL
CVE-2026-41106 — Microsoft 365 Copilot Elevation of Privilege Vulnerability

None

365_copilot | Remote
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
4.8 MEDIUM
CVE-2026-26145 — Microsoft Azure Synapse Elevation of Privilege Vulnerability

None

azure_synapse | Remote
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL
CVE-2026-45499 — Azure OpenAI Elevation of Privilege Vulnerability

None

azure_open-ai | Remote
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL
CVE-2026-57100 — Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability

None

Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.1 HIGH
CVE-2026-50721 — IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload

Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1…

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.1 HIGH
CVE-2026-50722 — IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v…

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2026-12413 — IKEv2 Denial of Service via malformed fragmentation

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() w…

Remote | Denial of Service
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.4 CRITICAL
CVE-2026-52830 — fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protect…

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact re…

Remote | Path Traversal
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Showing 20 of 7931 Results