{"resultsPerPage":29,"startIndex":0,"totalResults":29,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-14T11:31:13.396","vulnerabilities":[{"cve":{"id":"CVE-2016-6648","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.263","lastModified":"2026-07-10T14:57:26.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system."},{"lang":"es","value":"Las versiones de EMC RecoverPoint anteriores a 4.4.1.1 y las versiones de EMC RecoverPoint for Virtual Machines anteriores a 5.0 se ven afectadas por la vulnerabilidad de divulgación de información sensible como resultado de permisos incorrectos establecidos en un archivo de sistema sensible. Un administrador malicioso con privilegios de configuración puede tener acceso a este archivo del sistema sensible y comprometer el sistema afectado."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"n/a","product":"EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0","versions":[{"version":"EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-275"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0","matchCriteriaId":"E78F1D55-2AAB-4B80-A7CD-4113C74CE0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1.0","matchCriteriaId":"FBC82D11-58B7-4240-8D63-70B5A8C0E11A"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6649","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.297","lastModified":"2026-07-10T14:57:26.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root."},{"lang":"es","value":"EMC RecoverPoint en versiones anteriores a 4.4.1.1 y EMC RecoverPoint for Virtual Machines en versiones anteriores a 5.0 están afectados por múltiples vulnerabilidades de inyección de comandos en las que un administrador malicioso con privilegios de configuración puede eludir la interfaz de usuario y escalar sus privilegios para root."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"n/a","product":"EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0","versions":[{"version":"EMC RecoverPoint and EMC RecoverPoint for Virtual Machines EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0","matchCriteriaId":"E78F1D55-2AAB-4B80-A7CD-4113C74CE0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1.0","matchCriteriaId":"FBC82D11-58B7-4240-8D63-70B5A8C0E11A"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6650","sourceIdentifier":"security_alert@emc.com","published":"2017-03-21T16:59:00.193","lastModified":"2026-07-10T14:57:26.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC RecoverPoint en versiones anteriores a 5.0 y EMC RecoverPoint para versiones de maquinas virtuales en versiones anteriores 5.0 tienen una vulnerabilidad SSL Stripping que puede ser explotada potencialmente por usuarios maliciosos para comprometer el sistema afectado."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"n/a","product":"EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0","versions":[{"version":"EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1.1","matchCriteriaId":"C00743CC-F545-46E7-BBC3-4661A8E54B6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1.1","matchCriteriaId":"D15E3B59-DBD6-4DD0-8BC0-351E4C45279C"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540303/30/0/threaded","source":"security_alert@emc.com","tags":["Mitigation","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96156","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038066","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540303/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96156","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038066","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-42582","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T19:17:23.763","lastModified":"2026-07-10T13:44:19.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length bytes are actually present in the compressed field section. The wire encoding allows a very large length to be expressed in few bytes. There is no check that length <= in.readableBytes() before new byte[length]. This vulnerability is fixed in 4.2.13.Final."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"netty","product":"netty","versions":[{"version":">= 4.2.0.Alpha1, < 4.2.13.Final","status":"affected"}]},{"vendor":"io.netty","product":"netty-codec-http3","versions":[{"version":">= 4.2.0.Alpha1, < 4.2.13.Final","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T19:35:22.097676Z","id":"CVE-2026-42582","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.13","matchCriteriaId":"D94A720F-9CED-4BE9-8C37-FD9E2FD28472"}]}]}],"references":[{"url":"https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46732","sourceIdentifier":"security_alert@emc.com","published":"2026-06-25T14:16:40.250","lastModified":"2026-07-10T14:53:31.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Display and Peripheral Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2.3 and later","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-46732","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:display_and_peripheral_manager:*:*:*:*:*:macos:*:*","versionEndExcluding":"2.3.0","matchCriteriaId":"6297898D-7447-4BD2-8662-9A4A01C3FE07"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-hk/000475656/dsa-2026-267?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46733","sourceIdentifier":"security_alert@emc.com","published":"2026-06-25T14:16:40.363","lastModified":"2026-07-10T14:53:27.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Display and Peripheral Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2.3 and later","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-46733","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:display_and_peripheral_manager:*:*:*:*:*:windows:*:*","versionEndExcluding":"2.3.0","matchCriteriaId":"5B8C197A-7B03-4273-A12C-97B2BAEF6C44"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-fm/000477679/dsa-2026-277?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46734","sourceIdentifier":"security_alert@emc.com","published":"2026-06-25T14:16:40.470","lastModified":"2026-07-10T14:52:50.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Display and Peripheral Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2.3 and later","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-46734","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:display_and_peripheral_manager:*:*:*:*:*:macos:*:*","versionEndExcluding":"2.3.0","matchCriteriaId":"6297898D-7447-4BD2-8662-9A4A01C3FE07"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-hk/000475656/dsa-2026-267?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58517","sourceIdentifier":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","published":"2026-07-01T19:16:57.063","lastModified":"2026-07-10T13:50:41.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass.\n\nThis issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4."}],"affected":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","affectedData":[{"vendor":"The Wikimedia Foundation","product":"Mediawiki - WikiLambda Extension","defaultStatus":"unaffected","versions":[{"version":"*","lessThan":"1.43.9,1.44.6,1.45.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-01T18:34:52.042792Z","id":"CVE-2026-58517","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.43.0","versionEndExcluding":"1.43.9","matchCriteriaId":"5BC82408-61E8-4F28-8AEC-438E159DC867"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.44.0","versionEndExcluding":"1.44.6","matchCriteriaId":"8F0FD7F7-0D82-4E68-91D8-0ADAE54CB8C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.45.0","versionEndExcluding":"1.45.4","matchCriteriaId":"439E39DA-8BB7-4AF7-9F42-E334A9B4AD3E"}]}]}],"references":[{"url":"https://gerrit.wikimedia.org/r/c/1305376","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Issue Tracking"]},{"url":"https://phabricator.wikimedia.org/T428833","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-13053","sourceIdentifier":"5d1c2695-1a31-4499-88ae-e847036fd7e3","published":"2026-07-03T00:16:50.320","lastModified":"2026-07-10T13:00:36.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.\n\nThis vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2."}],"affected":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","affectedData":[{"vendor":"WatchGuard","product":"Fireware OS","defaultStatus":"unaffected","versions":[{"version":"11.0","lessThanOrEqual":"11.12.4+541730","versionType":"semver","status":"affected"},{"version":"12.0","lessThanOrEqual":"12.12","versionType":"semver","status":"affected"},{"version":"12.5","lessThanOrEqual":"12.5.18","versionType":"semver","status":"affected"},{"version":"2025.1","lessThanOrEqual":"2026.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-13053","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"12.12.1","matchCriteriaId":"53C5AE66-0DEF-46C5-BE3A-B07CC62348FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*","matchCriteriaId":"E472917E-D6E1-4C2D-B37D-E76FCC7307CA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*","matchCriteriaId":"9A8C7779-4466-4A9E-B191-929E7746DFF7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*","matchCriteriaId":"6CE9A123-B769-4E56-845E-DC3DA6166C78"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*","matchCriteriaId":"180FAE8C-2E73-4C09-AA11-0C82A7715FA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*","matchCriteriaId":"309DBEF2-1D92-4641-827F-D99758B5FFA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*","matchCriteriaId":"D1E8CFC5-51FE-4D75-845F-D70C30AF11B0"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*","matchCriteriaId":"BBFBA966-E052-4350-9544-3B5D484DBB6B"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*","matchCriteriaId":"EF1E586D-0E88-447A-95E8-5203EF869ADB"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*","matchCriteriaId":"1BC087C4-CB10-46D4-A746-0C462354410C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*","matchCriteriaId":"59389EA2-3067-4AF8-AEC5-FE79E269C170"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*","matchCriteriaId":"445FA7CD-D0AE-4176-9AE5-293B918DE654"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*","matchCriteriaId":"1B4A7366-0304-431E-B3E4-719BA575CEAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*","matchCriteriaId":"E8512B4A-5269-4067-B9C6-475A4E8AD313"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*","matchCriteriaId":"179C6166-87E1-44F8-B727-CDDE40C673D9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*","matchCriteriaId":"584107CC-6136-4AA1-AE68-73B93BDDB5B6"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*","matchCriteriaId":"9295217E-C1A0-4A69-A0F0-C44814BB376C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*","matchCriteriaId":"7DC49246-2166-4681-8D67-4C0940884872"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*","matchCriteriaId":"CC853916-8BDC-4F7C-BA53-D6AB490A9444"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*","matchCriteriaId":"DCB1A254-DA3C-4032-B2C6-C9EBCE8EC15E"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*","matchCriteriaId":"D3562304-0317-4A3C-B622-D5CE01CC97F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*","matchCriteriaId":"327BA50A-366A-4367-93B8-328EC0136FA7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*","matchCriteriaId":"D92ABD52-20F6-4AB1-801F-9E7B7B1B78A1"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*","matchCriteriaId":"3552F3BB-8021-4E87-987D-870699A7E619"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*","matchCriteriaId":"158560A0-D694-41AF-A5F8-0F6FB3EFB8FA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*","matchCriteriaId":"4ECAE1D7-9868-4730-B645-44CB1B6FDE96"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1","versionEndExcluding":"2026.2.1","matchCriteriaId":"51B8E788-8FAF-4681-9750-488B2691F473"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*","matchCriteriaId":"615FF2CF-69DA-4890-9236-52D8D6FA0E71"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*","matchCriteriaId":"A3439409-2FD6-447B-91CF-17D1C09E2A79"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*","matchCriteriaId":"C0C0412F-AB02-4D13-B159-D0FCD2ECA3ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*","matchCriteriaId":"575CC5EE-0278-489B-AA95-5EC5058D6FB9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*","matchCriteriaId":"5597F672-3C72-4BCF-AD3F-F16B6913EC2F"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*","matchCriteriaId":"E8AAE66B-DD19-4C90-8DFC-F77BA1541642"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*","matchCriteriaId":"7FC18430-C6B4-4395-BFF1-83BB005875BA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*","matchCriteriaId":"1A7C1C91-8B6E-4FB0-841E-7F88B06B1435"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*","matchCriteriaId":"8FE309D6-BD5E-4D18-91C3-A492C3576115"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*","matchCriteriaId":"75959D39-0960-4836-96C7-DB8048DDE4B8"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*","matchCriteriaId":"D0087049-27C6-4B18-A645-72A8F63D7C6D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"12.5.18","matchCriteriaId":"33948F6A-CD9A-48D6-9A8F-F288242641EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*","matchCriteriaId":"626220F8-7F0C-4DD8-8001-12EA0A777A0D"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*","matchCriteriaId":"E561A57F-91A5-4B3C-9F7D-62E9AB5163A7"}]}]}],"references":[{"url":"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00030","source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-13054","sourceIdentifier":"5d1c2695-1a31-4499-88ae-e847036fd7e3","published":"2026-07-03T00:16:50.497","lastModified":"2026-07-10T12:58:52.963","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem.\n\n\n\n\nThis vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2."}],"affected":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","affectedData":[{"vendor":"WatchGuard","product":"Fireware OS","defaultStatus":"unaffected","versions":[{"version":"11.0","lessThanOrEqual":"11.12.4+541730","versionType":"semver","status":"affected"},{"version":"12.0","lessThanOrEqual":"12.12","versionType":"semver","status":"affected"},{"version":"12.5","lessThanOrEqual":"12.5.18","versionType":"semver","status":"affected"},{"version":"2025.1","lessThanOrEqual":"2026.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-13054","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"12.12.1","matchCriteriaId":"53C5AE66-0DEF-46C5-BE3A-B07CC62348FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*","matchCriteriaId":"E472917E-D6E1-4C2D-B37D-E76FCC7307CA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*","matchCriteriaId":"9A8C7779-4466-4A9E-B191-929E7746DFF7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*","matchCriteriaId":"6CE9A123-B769-4E56-845E-DC3DA6166C78"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*","matchCriteriaId":"180FAE8C-2E73-4C09-AA11-0C82A7715FA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*","matchCriteriaId":"309DBEF2-1D92-4641-827F-D99758B5FFA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*","matchCriteriaId":"D1E8CFC5-51FE-4D75-845F-D70C30AF11B0"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*","matchCriteriaId":"BBFBA966-E052-4350-9544-3B5D484DBB6B"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*","matchCriteriaId":"EF1E586D-0E88-447A-95E8-5203EF869ADB"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*","matchCriteriaId":"1BC087C4-CB10-46D4-A746-0C462354410C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*","matchCriteriaId":"59389EA2-3067-4AF8-AEC5-FE79E269C170"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*","matchCriteriaId":"445FA7CD-D0AE-4176-9AE5-293B918DE654"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*","matchCriteriaId":"1B4A7366-0304-431E-B3E4-719BA575CEAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*","matchCriteriaId":"E8512B4A-5269-4067-B9C6-475A4E8AD313"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*","matchCriteriaId":"179C6166-87E1-44F8-B727-CDDE40C673D9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*","matchCriteriaId":"584107CC-6136-4AA1-AE68-73B93BDDB5B6"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*","matchCriteriaId":"9295217E-C1A0-4A69-A0F0-C44814BB376C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*","matchCriteriaId":"7DC49246-2166-4681-8D67-4C0940884872"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*","matchCriteriaId":"CC853916-8BDC-4F7C-BA53-D6AB490A9444"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*","matchCriteriaId":"DCB1A254-DA3C-4032-B2C6-C9EBCE8EC15E"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*","matchCriteriaId":"D3562304-0317-4A3C-B622-D5CE01CC97F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*","matchCriteriaId":"327BA50A-366A-4367-93B8-328EC0136FA7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*","matchCriteriaId":"D92ABD52-20F6-4AB1-801F-9E7B7B1B78A1"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*","matchCriteriaId":"3552F3BB-8021-4E87-987D-870699A7E619"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*","matchCriteriaId":"158560A0-D694-41AF-A5F8-0F6FB3EFB8FA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*","matchCriteriaId":"4ECAE1D7-9868-4730-B645-44CB1B6FDE96"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1","versionEndExcluding":"2026.2.1","matchCriteriaId":"51B8E788-8FAF-4681-9750-488B2691F473"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*","matchCriteriaId":"615FF2CF-69DA-4890-9236-52D8D6FA0E71"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*","matchCriteriaId":"A3439409-2FD6-447B-91CF-17D1C09E2A79"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*","matchCriteriaId":"C0C0412F-AB02-4D13-B159-D0FCD2ECA3ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*","matchCriteriaId":"575CC5EE-0278-489B-AA95-5EC5058D6FB9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*","matchCriteriaId":"5597F672-3C72-4BCF-AD3F-F16B6913EC2F"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*","matchCriteriaId":"E8AAE66B-DD19-4C90-8DFC-F77BA1541642"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*","matchCriteriaId":"7FC18430-C6B4-4395-BFF1-83BB005875BA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*","matchCriteriaId":"1A7C1C91-8B6E-4FB0-841E-7F88B06B1435"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*","matchCriteriaId":"8FE309D6-BD5E-4D18-91C3-A492C3576115"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*","matchCriteriaId":"75959D39-0960-4836-96C7-DB8048DDE4B8"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*","matchCriteriaId":"D0087049-27C6-4B18-A645-72A8F63D7C6D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"12.5.18","matchCriteriaId":"33948F6A-CD9A-48D6-9A8F-F288242641EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*","matchCriteriaId":"626220F8-7F0C-4DD8-8001-12EA0A777A0D"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*","matchCriteriaId":"E561A57F-91A5-4B3C-9F7D-62E9AB5163A7"}]}]}],"references":[{"url":"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028","source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-13079","sourceIdentifier":"5d1c2695-1a31-4499-88ae-e847036fd7e3","published":"2026-07-03T00:16:50.630","lastModified":"2026-07-10T14:32:03.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\\SYSTEM on the machine where the client is installed.\n\nThis issue affects the Mobile VPN with SSL client for Windows up to and including 2026.2."}],"affected":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","affectedData":[{"vendor":"WatchGuard","product":"Fireware OS","defaultStatus":"unaffected","versions":[{"version":"12.0","lessThanOrEqual":"12.12","versionType":"semver","status":"affected"},{"version":"2025.1","lessThanOrEqual":"2026.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-13079","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:windows:*:*","versionEndExcluding":"2026.2.1","matchCriteriaId":"E8BDD75E-7168-4938-A1FD-CF83751BA5D5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.12.1","matchCriteriaId":"392AE171-0732-470C-AAFC-79F36AF04E8B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*","matchCriteriaId":"E472917E-D6E1-4C2D-B37D-E76FCC7307CA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*","matchCriteriaId":"9A8C7779-4466-4A9E-B191-929E7746DFF7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*","matchCriteriaId":"6CE9A123-B769-4E56-845E-DC3DA6166C78"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*","matchCriteriaId":"180FAE8C-2E73-4C09-AA11-0C82A7715FA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*","matchCriteriaId":"309DBEF2-1D92-4641-827F-D99758B5FFA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*","matchCriteriaId":"D1E8CFC5-51FE-4D75-845F-D70C30AF11B0"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*","matchCriteriaId":"BBFBA966-E052-4350-9544-3B5D484DBB6B"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*","matchCriteriaId":"EF1E586D-0E88-447A-95E8-5203EF869ADB"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*","matchCriteriaId":"1BC087C4-CB10-46D4-A746-0C462354410C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*","matchCriteriaId":"59389EA2-3067-4AF8-AEC5-FE79E269C170"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*","matchCriteriaId":"445FA7CD-D0AE-4176-9AE5-293B918DE654"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*","matchCriteriaId":"1B4A7366-0304-431E-B3E4-719BA575CEAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*","matchCriteriaId":"E8512B4A-5269-4067-B9C6-475A4E8AD313"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*","matchCriteriaId":"179C6166-87E1-44F8-B727-CDDE40C673D9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*","matchCriteriaId":"584107CC-6136-4AA1-AE68-73B93BDDB5B6"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*","matchCriteriaId":"9295217E-C1A0-4A69-A0F0-C44814BB376C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*","matchCriteriaId":"7DC49246-2166-4681-8D67-4C0940884872"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*","matchCriteriaId":"CC853916-8BDC-4F7C-BA53-D6AB490A9444"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*","matchCriteriaId":"DCB1A254-DA3C-4032-B2C6-C9EBCE8EC15E"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*","matchCriteriaId":"D3562304-0317-4A3C-B622-D5CE01CC97F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*","matchCriteriaId":"327BA50A-366A-4367-93B8-328EC0136FA7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*","matchCriteriaId":"D92ABD52-20F6-4AB1-801F-9E7B7B1B78A1"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*","matchCriteriaId":"3552F3BB-8021-4E87-987D-870699A7E619"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*","matchCriteriaId":"158560A0-D694-41AF-A5F8-0F6FB3EFB8FA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*","matchCriteriaId":"4ECAE1D7-9868-4730-B645-44CB1B6FDE96"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1","versionEndExcluding":"2026.2.1","matchCriteriaId":"51B8E788-8FAF-4681-9750-488B2691F473"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*","matchCriteriaId":"615FF2CF-69DA-4890-9236-52D8D6FA0E71"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*","matchCriteriaId":"A3439409-2FD6-447B-91CF-17D1C09E2A79"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*","matchCriteriaId":"C0C0412F-AB02-4D13-B159-D0FCD2ECA3ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*","matchCriteriaId":"575CC5EE-0278-489B-AA95-5EC5058D6FB9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*","matchCriteriaId":"5597F672-3C72-4BCF-AD3F-F16B6913EC2F"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*","matchCriteriaId":"E8AAE66B-DD19-4C90-8DFC-F77BA1541642"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*","matchCriteriaId":"7FC18430-C6B4-4395-BFF1-83BB005875BA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*","matchCriteriaId":"1A7C1C91-8B6E-4FB0-841E-7F88B06B1435"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*","matchCriteriaId":"8FE309D6-BD5E-4D18-91C3-A492C3576115"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*","matchCriteriaId":"75959D39-0960-4836-96C7-DB8048DDE4B8"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*","matchCriteriaId":"D0087049-27C6-4B18-A645-72A8F63D7C6D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"12.5","versionEndIncluding":"12.5.18","matchCriteriaId":"1DB41269-782A-463C-B257-335542B73093"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*","matchCriteriaId":"626220F8-7F0C-4DD8-8001-12EA0A777A0D"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*","matchCriteriaId":"E561A57F-91A5-4B3C-9F7D-62E9AB5163A7"}]}]}],"references":[{"url":"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00027","source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14535","sourceIdentifier":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","published":"2026-07-04T14:16:29.063","lastModified":"2026-07-10T15:00:43.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in the shared AnalysisContext.reported_shortened_code set. When the MLAllowlist analysis pass subsequently runs, it calls the same shorten_code() method, receives already_reported=True for every import, and executes a continue statement that skips its allowlist check entirely. This renders MLAllowlist dead code for all imports — it never evaluates whether an import is in the ML allowlist or not. The MLAllowlist pass was designed to catch imports of modules outside the known-safe ML ecosystem (torch, numpy, transformers, etc.) that slip past the UnsafeImports denylist. With MLAllowlist inoperative, any standard library module not in the UNSAFE_IMPORTS denylist can be invoked via pickle deserialization while fickling's check_safety() returns LIKELY_SAFE. The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate, meaning a LIKELY_SAFE verdict causes the payload to be deserialized and executed. The root cause is shared mutable state between independently-correct analysis passes — UnsafeImportsML works as designed in isolation, MLAllowlist works as designed in isolation, but the shared reported_shortened_code set causes UnsafeImportsML to poison MLAllowlist's deduplication logic."}],"affected":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","affectedData":[{"vendor":"trailofbits","product":"fickling","defaultStatus":"unaffected","collectionURL":"https://pypi.org/project/fickling/","packageName":"fickling","versions":[{"version":"0","lessThanOrEqual":"0.1.11","versionType":"custom","status":"affected"},{"version":"0.1.12","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:58:30.612222Z","id":"CVE-2026-14535","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:python:*:*","versionEndIncluding":"0.1.11","matchCriteriaId":"A3AF23ED-3F44-48AF-A1AC-CFCDC22A55D3"}]}]}],"references":[{"url":"https://github.com/trailofbits/fickling/commit/41ce7cb01edd97072994039574a2301ebb3f463d","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Patch"]},{"url":"https://github.com/trailofbits/fickling/pull/278","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/trailofbits/fickling/releases/tag/v0.1.12","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Release Notes"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-cffv-grgg-g429","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-cffv-grgg-g429","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-14380","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-07T23:16:53.963","lastModified":"2026-07-10T14:46:21.063","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile.\n\nWhen a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name.\n\nAny caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands.\n\nThe Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db.\n\nAn attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HMBRAND","product":"DBI","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"DBI","programFiles":["lib/DBI/Profile.pm"],"programRoutines":[{"name":"DBI::Profile::_auto_new"}],"repo":"https://github.com/perl5-dbi/dbi","versions":[{"version":"0","lessThan":"1.650","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:51:52.778631Z","id":"CVE-2026-14380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-95"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*","versionEndExcluding":"1.650","matchCriteriaId":"3B8C837F-7D3B-4D47-B604-6927920CDF73"}]}]}],"references":[{"url":"https://github.com/perl5-dbi/dbi/commit/b73d5d9901767fc1d16b6661ef08fbed4532e259.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ch8w-hxc2-v557","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Vendor Advisory"]},{"url":"https://metacpan.org/release/HMBRAND/DBI-1.650/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/07/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-14739","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-07T23:16:54.090","lastModified":"2026-07-10T14:41:16.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.\n\nThe fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.\n\nDBI version 1.650 sets a hard limit of 99,999 placeholders."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HMBRAND","product":"DBI","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"DBI","programFiles":["DBI.xs"],"programRoutines":[{"name":"preparse"}],"repo":"https://github.com/perl5-dbi/dbi","versions":[{"version":"0","lessThan":"1.650","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:55:38.504631Z","id":"CVE-2026-14739","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*","versionEndExcluding":"1.650","matchCriteriaId":"3B8C837F-7D3B-4D47-B604-6927920CDF73"}]}]}],"references":[{"url":"https://github.com/perl5-dbi/dbi/commit/2b77c88b655e9539a592c71a61fb965fc0075395.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/HMBRAND/DBI-1.650/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-10879","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2026-14740","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-07T23:16:54.193","lastModified":"2026-07-10T14:40:21.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.\n\nThe preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HMBRAND","product":"DBI","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"DBI","programFiles":["DBI.xs"],"programRoutines":[{"name":"preparse"}],"repo":"https://github.com/perl5-dbi/dbi","versions":[{"version":"0","lessThan":"1.650","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:58:06.622142Z","id":"CVE-2026-14740","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*","versionEndExcluding":"1.650","matchCriteriaId":"3B8C837F-7D3B-4D47-B604-6927920CDF73"}]}]}],"references":[{"url":"https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Vendor Advisory"]},{"url":"https://metacpan.org/release/HMBRAND/DBI-1.650/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/07/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56297","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.360","lastModified":"2026-07-10T14:36:57.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.22.0","versionType":"semver","status":"affected"},{"version":"3.22.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:22:55.790096Z","id":"CVE-2026-56297","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.22.0","matchCriteriaId":"9E363251-2275-4F89-B397-67FE461B63A0"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/freerdp-use-after-free-via-race-condition-in-drdynvc-channel-callback","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3mv2-5q57-2v8h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10698","sourceIdentifier":"security@progress.com","published":"2026-07-08T15:16:25.040","lastModified":"2026-07-10T14:33:24.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules).\n\nThis issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress","product":"MOVEit Transfer","defaultStatus":"unaffected","modules":["Custom Reports"],"versions":[{"version":"2025.0.0","lessThan":"2025.0.8","versionType":"semver","status":"affected"},{"version":"2025.1.0","lessThan":"2025.1.4","versionType":"semver","status":"affected"},{"version":"2026.0.0","lessThan":"2026.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-10698","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionEndIncluding":"2024.1.8","matchCriteriaId":"70852202-7FC7-408A-8205-3AAA494EE3DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.0.0","versionEndExcluding":"2025.0.8","matchCriteriaId":"26DA4DA6-DF46-478A-A880-42549D8E6F6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.4","matchCriteriaId":"81C2C6E0-529A-4414-9266-15992A9749B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:2026.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5FBC74C0-6E1F-4CEC-B913-A7D0FE6D61B1"}]}]}],"references":[{"url":"https://community.progress.com/s/article/MOVEit-Transfer-Critical-Security-Bulletin-June-2026","source":"security@progress.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10699","sourceIdentifier":"security@progress.com","published":"2026-07-08T15:16:25.173","lastModified":"2026-07-10T14:25:58.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules).\n\nThis issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress","product":"MOVEit Transfer","defaultStatus":"unaffected","modules":["Custom Reports"],"versions":[{"version":"2025.0.0","lessThan":"2025.0.8","versionType":"semver","status":"affected"},{"version":"2025.1.0","lessThan":"2025.1.4","versionType":"semver","status":"affected"},{"version":"2026.0.0","lessThan":"2026.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:09:02.289312Z","id":"CVE-2026-10699","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionEndIncluding":"2024.1.8","matchCriteriaId":"70852202-7FC7-408A-8205-3AAA494EE3DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.0.0","versionEndExcluding":"2025.0.8","matchCriteriaId":"26DA4DA6-DF46-478A-A880-42549D8E6F6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.4","matchCriteriaId":"81C2C6E0-529A-4414-9266-15992A9749B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:2026.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5FBC74C0-6E1F-4CEC-B913-A7D0FE6D61B1"}]}]}],"references":[{"url":"https://community.progress.com/s/article/MOVEit-Transfer-Critical-Security-Bulletin-June-2026","source":"security@progress.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11903","sourceIdentifier":"security@progress.com","published":"2026-07-08T15:16:25.470","lastModified":"2026-07-10T14:01:59.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module).\n\nThis issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress","product":"MOVEit Transfer","defaultStatus":"unaffected","modules":["Ad Hoc"],"versions":[{"version":"2026.0.0","lessThan":"2026.0.1","versionType":"semver","status":"affected"},{"version":"2025.1.0","lessThan":"2025.1.4","versionType":"semver","status":"affected"},{"version":"2025.0.0","lessThan":"2025.0.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-11903","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionEndIncluding":"2024.1.8","matchCriteriaId":"70852202-7FC7-408A-8205-3AAA494EE3DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.0.0","versionEndExcluding":"2025.0.8","matchCriteriaId":"26DA4DA6-DF46-478A-A880-42549D8E6F6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.4","matchCriteriaId":"81C2C6E0-529A-4414-9266-15992A9749B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:2026.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5FBC74C0-6E1F-4CEC-B913-A7D0FE6D61B1"}]}]}],"references":[{"url":"https://community.progress.com/s/article/MOVEit-Transfer-Critical-Security-Bulletin-June-2026","source":"security@progress.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-15164","sourceIdentifier":"cve@gitlab.com","published":"2026-07-08T21:16:47.343","lastModified":"2026-07-10T13:50:59.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"Wireshark Foundation","product":"ciscodump","defaultStatus":"unaffected","versions":[{"version":"4.6.0","lessThan":"4.6.7","versionType":"semver","status":"affected"},{"version":"4.4.0","lessThan":"4.4.17","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:50:05.522806Z","id":"CVE-2026-15164","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.17","matchCriteriaId":"B9FABA5D-7249-44A2-BF12-18AFBCA61C17"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"4.6.7","matchCriteriaId":"D7FEEC76-5F0F-4206-830C-4DF78953646B"}]}]}],"references":[{"url":"https://gitlab.com/wireshark/wireshark/-/work_items/21375","source":"cve@gitlab.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://www.wireshark.org/security/wnpa-sec-2026-63.html","source":"cve@gitlab.com","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/wireshark/wireshark/-/work_items/21375","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-15165","sourceIdentifier":"cve@gitlab.com","published":"2026-07-08T21:16:47.450","lastModified":"2026-07-10T13:51:09.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"Wireshark Foundation","product":"Wireshark","defaultStatus":"unaffected","versions":[{"version":"4.6.0","lessThan":"4.6.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:46:53.770490Z","id":"CVE-2026-15165","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"4.6.7","matchCriteriaId":"D7FEEC76-5F0F-4206-830C-4DF78953646B"}]}]}],"references":[{"url":"https://gitlab.com/wireshark/wireshark/-/work_items/21390","source":"cve@gitlab.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://www.wireshark.org/security/wnpa-sec-2026-56.html","source":"cve@gitlab.com","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/wireshark/wireshark/-/work_items/21390","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-8472","sourceIdentifier":"cve@gitlab.com","published":"2026-07-08T21:16:55.327","lastModified":"2026-07-10T13:02:22.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to missing authorization checks."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"18.9","lessThan":"18.11.7","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.4","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:14:37.744166Z","id":"CVE-2026-8472","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"18.9.0","versionEndExcluding":"18.11.7","matchCriteriaId":"D2243C03-3CA0-476A-AB5A-7E8B2C95B209"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.4","matchCriteriaId":"77F37C9F-5A51-4AD0-A919-F74CA49F8048"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.1.0","versionEndExcluding":"19.1.2","matchCriteriaId":"71AC7E45-C1B7-4EFE-8C29-E1D7ADD3D9F4"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/","source":"cve@gitlab.com","tags":["Vendor Advisory","Release Notes"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/599987","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3615282","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-31981","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-07-09T08:16:47.483","lastModified":"2026-07-10T13:15:29.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple input vectors. When a victim views the affected data in the Diagram tab and Graph view, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."}],"affected":[{"source":"prodsec@nozominetworks.com","affectedData":[{"vendor":"Nozomi Networks","product":"Guardian","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]},{"vendor":"Nozomi Networks","product":"CMC","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:43:12.336549Z","id":"CVE-2026-31981","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6A62E49F-CEE6-4C94-B5DC-9D1315EB058D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6186E8B4-C53F-4CBD-A2B6-42C05C8CB2B1"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:8-01","source":"prodsec@nozominetworks.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31982","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-07-09T08:16:47.650","lastModified":"2026-07-10T13:14:14.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who subsequently initiate SAML Single Sign-On, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for all affected users."}],"affected":[{"source":"prodsec@nozominetworks.com","affectedData":[{"vendor":"Nozomi Networks","product":"Guardian","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]},{"vendor":"Nozomi Networks","product":"CMC","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:41:31.002741Z","id":"CVE-2026-31982","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6A62E49F-CEE6-4C94-B5DC-9D1315EB058D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6186E8B4-C53F-4CBD-A2B6-42C05C8CB2B1"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:9-01","source":"prodsec@nozominetworks.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31983","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-07-09T08:16:47.800","lastModified":"2026-07-10T13:13:26.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys."}],"affected":[{"source":"prodsec@nozominetworks.com","affectedData":[{"vendor":"Nozomi Networks","product":"Guardian","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]},{"vendor":"Nozomi Networks","product":"CMC","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:41:13.586614Z","id":"CVE-2026-31983","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6A62E49F-CEE6-4C94-B5DC-9D1315EB058D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6186E8B4-C53F-4CBD-A2B6-42C05C8CB2B1"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:10-01","source":"prodsec@nozominetworks.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31984","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-07-09T08:16:47.940","lastModified":"2026-07-10T13:12:51.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into audit entries, possibly exhausting the available disk space and rendering the system inoperable."}],"affected":[{"source":"prodsec@nozominetworks.com","affectedData":[{"vendor":"Nozomi Networks","product":"Guardian","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]},{"vendor":"Nozomi Networks","product":"CMC","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:40:35.925650Z","id":"CVE-2026-31984","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6A62E49F-CEE6-4C94-B5DC-9D1315EB058D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6186E8B4-C53F-4CBD-A2B6-42C05C8CB2B1"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:11-01","source":"prodsec@nozominetworks.com","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-33390","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-07-09T08:16:48.233","lastModified":"2026-07-10T13:12:09.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability."}],"affected":[{"source":"prodsec@nozominetworks.com","affectedData":[{"vendor":"Nozomi Networks","product":"Guardian","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]},{"vendor":"Nozomi Networks","product":"CMC","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"26.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:28:05.263677Z","id":"CVE-2026-33390","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6A62E49F-CEE6-4C94-B5DC-9D1315EB058D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"6186E8B4-C53F-4CBD-A2B6-42C05C8CB2B1"}]}]}],"references":[{"url":"https://security.nozominetworks.com/NN-2026:13-01","source":"prodsec@nozominetworks.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-43752","sourceIdentifier":"product-security@apple.com","published":"2026-07-09T18:16:52.160","lastModified":"2026-07-10T14:34:22.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1."}],"affected":[{"source":"product-security@apple.com","affectedData":[{"vendor":"Claris","product":"FileMaker Server","versions":[{"version":"0","lessThan":"26.0.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:48:52.263558Z","id":"CVE-2026-43752","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.1","matchCriteriaId":"8AC012F4-4397-4DA1-A3A6-4C875BB76F50"}]}]}],"references":[{"url":"https://community.claris.com/en/s/article/Arbitrary-Code-Execution-Vulnerability-Addressed-in-FileMaker-Server-via-Miniforge-Installer-Upload","source":"product-security@apple.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-12127","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T14:16:50.060","lastModified":"2026-07-10T14:16:50.060","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."}],"metrics":{},"references":[]}}]}