Products

1 vendor
Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity
501941860.4%CRITICAL

Related CVEs

100+
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0206 | A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall. | MEDIUM | 4.9 | | 39.3% | Apr 29, 2026 |
| CVE-2026-0205 | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. | MEDIUM | 6.8 | | 34.3% | Apr 29, 2026 |
| CVE-2026-0204 | A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions. | HIGH | 8.0 | | 33.4% | Apr 29, 2026 |
| CVE-2026-4116 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | HIGH | 7.2 | | 33.5% | Apr 9, 2026 |
| CVE-2026-4114 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | MEDIUM | 6.6 | | 44.1% | Apr 9, 2026 |
| CVE-2026-4113 | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | HIGH | 7.2 | | 28.2% | Apr 9, 2026 |
| CVE-2026-4112 | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | HIGH | 7.2 | | 44.8% | Apr 9, 2026 |
| CVE-2026-3470 | A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database. | LOW | 3.8 | | 23.8% | Mar 31, 2026 |
| CVE-2026-3469 | A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive. | LOW | 2.7 | | 30.5% | Mar 31, 2026 |
| CVE-2026-3468 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code. | MEDIUM | 4.8 | | 13.1% | Mar 31, 2026 |
| CVE-2026-3439 | A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | MEDIUM | 4.9 | | 17.1% | Mar 4, 2026 |
| CVE-2026-0402 | A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. | MEDIUM | 4.9 | | 26.1% | Feb 24, 2026 |
| CVE-2026-0401 | A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | MEDIUM | 4.9 | | 26.1% | Feb 24, 2026 |
| CVE-2026-0400 | A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. | MEDIUM | 4.9 | | 34.0% | Feb 24, 2026 |
| CVE-2026-0399 | Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint. | MEDIUM | 4.9 | | 23.9% | Feb 24, 2026 |
| CVE-2025-40602 | A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | MEDIUM | 6.6 | KEV | 77.2% | Dec 18, 2025 |
| CVE-2025-40605 | A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path. | MEDIUM | 5.3 | | 20.9% | Nov 20, 2025 |
| CVE-2025-40604 | Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution. | CRITICAL | 9.8 | | 6.5% | Nov 20, 2025 |
| CVE-2025-40601 | A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | HIGH | 7.5 | | 60.8% | Nov 20, 2025 |
| CVE-2025-40603 | A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data. | MEDIUM | 4.5 | | 35.0% | Oct 31, 2025 |