CVE-2022-31789 — CVSS 9.8 (critical): An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and…
CVE-2013-6021 — CVSS 9.3 (critical): Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long…
CVE-2022-25361 — CVSS 9.1 (critical): WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories…
CVE-2022-25293 — CVSS 8.8 (high): A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially…
CVE-2022-25292 — CVSS 8.8 (high): A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially…
CVE-2022-25360 — CVSS 8.8 (high): WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary…
CVE-2022-25291 — CVSS 8.8 (high): An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer…
CVE-2022-31791 — CVSS 7.8 (high): WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and…
CVE-2025-1545 — CVSS 7.5 (high): An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information…
CVE-2017-14616 — CVSS 7.5 (high): An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML…
CVE-2022-31790 — CVSS 7.5 (high): WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by…
CVE-2025-11838 — CVSS 7.5 (high): A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS)…
CVE-2024-5974 — CVSS 7.2 (high): A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute…
CVE-2026-3342 — CVSS 7.2 (high): An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary…
CVE-2025-1547 — CVSS 7.2 (high): A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated…
CVE-2025-12196 — CVSS 7.2 (high): An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code…
CVE-2025-12195 — CVSS 7.2 (high): An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code…
CVE-2025-12026 — CVSS 7.2 (high): An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user…
CVE-2022-25363 — CVSS 6.5 (medium): WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management…
CVE-2022-25290 — CVSS 6.5 (medium): WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private…
CVE-2017-14615 — CVSS 6.1 (medium): An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the…
CVE-2025-0178 — CVSS 6.1 (medium): Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in…
CVE-2025-13937 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS…
CVE-2025-13938 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS…
CVE-2025-13939 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS…
CVE-2016-6154 — CVSS 6.1 (medium): The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2026-3343 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of…
CVE-2025-13936 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS…
CVE-2025-13940 — CVSS 5.5 (medium): An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time…
CVE-2022-31792 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote…
CVE-2017-8056 — CVSS 5.3 (medium): WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes…
CVE-2017-8055 — CVSS 5.3 (medium): WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password…
CVE-2026-3344 — CVSS 4.9 (medium): A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited…
CVE-2025-6946 — CVSS 4.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows…
CVE-2025-1071 — CVSS 4.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows…
CVE-2014-0338 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow…
CVE-2013-5702 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to…