CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In IMS, a vulnerability allows out-of-bounds read due to missing bounds check. This could lead to remote denial of service without requiring additional execution privileges.
The AR for WooCommerce plugin for WordPress up to version 8.40 is vulnerable to Directory Traversal via the 'file' parameter. Unauthenticated attackers can read arbitrary files on the server, including sensitive information, because three access controls fail: nonces are generated without authentication, the AES-256-CBC encryption key is predictable (derived from 'ar_licence_key' option, which defaults to false), and the Referer check is easily bypassed.
The NEX-Forms plugin for WordPress up to version 9.2.2 is vulnerable to Stored Cross-Site Scripting via the 'real_val__' parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts that execute when users access affected pages.
A vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. The issue stems from external control of file name or path.
The ASUS AI Suite 3 driver contains a vulnerability due to improper validation of specified quantity in input, allowing a local user to bypass security and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.
The ASUS AI Suite 3 driver lacks proper validation of specified quantity in input, allowing a local user to access unintended memory regions via crafted IOCTL requests. This vulnerability leads to privilege escalation.
The AR for WordPress plugin up to version 8.40 is vulnerable to Directory Traversal via the 'file' parameter. An unauthenticated attacker can read arbitrary files on the server, potentially exposing sensitive information.
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS allows an unauthenticated attacker on the same local network segment to execute arbitrary code.
A vulnerability in WatchGuard Fireware OS allows bypassing firmware validation when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this to install a tampered firmware image.
An Out-of-bounds Write vulnerability in the wgagent process of WatchGuard Fireware OS allows an authenticated privileged user to execute arbitrary code via specially crafted requests to the Management Web UI. This affects Fireware OS versions 12.1 through 12.12 and 2025.1 through 2026.2.
An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS ikestubd process allows an authenticated privileged user to execute arbitrary code via specially crafted requests to the Management Web UI.
A null pointer dereference vulnerability in WatchGuard Fireware OS allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This affects both Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and including version 2026.2.
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. Affected versions: Fireware OS 11.0 up to 11.12.4_Update1, 12.0 up to 12.12, and 2025.1 up to 2026.2.
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI allows an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.
An Out-of-bounds Write vulnerability in the networkd process of WatchGuard Fireware OS allows an authenticated privileged user to execute arbitrary code via specially crafted requests to the Management Web UI. This affects Fireware OS versions 11.8 up to 11.12.4_Update1, 12.0 up to 12.12, and 2025.1 up to 2026.2.
A vulnerability in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network due to incorrect authorization.
In Libreswan, the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa() incorrectly verifies the DER encoding of the ASN.1 digest when processing IKEv2 AUTH payloads using RSASSA-PKCS1-v1_5. A remote attacker can exploit a Bleichenbacher-style attack to forge the AUTH payload when small public exponents (e.g., e=3) are used, leading to impersonation. Additionally, encoding a shorter-than-expected hash in the AUTH payload can trigger an assertion causing denial-of-service.
In Libreswan, the function RSA_authenticate_hash_signature_raw_rsa() did not properly verify the length of the authentication hash when processing IKEv1 packets with PKCS #1 RSA Encryption (RFC 2313). A remote attacker can use a variation of the Bleichenbacher attack to forge the SIG payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, sending a shorter-than-expected hash in the SIG payload can trigger an assertion and daemon restart, causing denial of service.
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart due to an off-by-one error in the PASSERT assertion. Continued exploitation leads to denial of service. IKEv1 is not affected.

