Agent
by WatchGuard
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6788 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. | ||
| CVE-2026-6787 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. | ||
| CVE-2026-41288 | Hig | 0.51 | 7.8 | 0.00 | May 6, 2026 | Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM. | ||
| CVE-2025-57624 | Hig | 0.51 | 7.8 | 0.00 | Sep 16, 2025 | A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs. | ||
| CVE-2025-24864 | Hig | 0.51 | 7.8 | 0.00 | Mar 6, 2025 | Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | ||
| CVE-2025-27237 | Hig | 0.47 | — | 0.00 | Oct 3, 2025 | In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. | ||
| CVE-2026-41286 | Med | 0.42 | 6.5 | 0.00 | May 6, 2026 | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. | ||
| CVE-2026-41287 | Med | 0.42 | 6.5 | 0.00 | May 6, 2026 | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service. | ||
| CVE-2005-1214 | 0.01 | — | 0.13 | Jun 14, 2005 | Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page. | |||
| CVE-2024-7634 | 0.00 | — | 0.00 | Aug 22, 2024 | NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. | |||
| CVE-2023-0977 | 0.00 | — | 0.01 | Apr 3, 2023 | A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | |||
| CVE-2021-26909 | 0.00 | — | 0.01 | Apr 23, 2021 | Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | |||
| CVE-2018-18817 | 0.00 | — | 0.01 | Oct 30, 2018 | The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. |
- risk 0.51cvss 7.8epss 0.00
Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.
- risk 0.51cvss 7.8epss 0.00
Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.
- risk 0.51cvss 7.8epss 0.00
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.
- risk 0.51cvss 7.8epss 0.00
A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs.
- risk 0.51cvss 7.8epss 0.00
Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.
- risk 0.47cvss —epss 0.00
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
- risk 0.42cvss 6.5epss 0.00
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.
- risk 0.42cvss 6.5epss 0.00
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.
- CVE-2005-1214Jun 14, 2005risk 0.01cvss —epss 0.13
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
- CVE-2024-7634Aug 22, 2024risk 0.00cvss —epss 0.00
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
- CVE-2023-0977Apr 3, 2023risk 0.00cvss —epss 0.01
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
- CVE-2021-26909Apr 23, 2021risk 0.00cvss —epss 0.01
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
- CVE-2018-18817Oct 30, 2018risk 0.00cvss —epss 0.01
The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.