Gateway
This hub aggregates every CVE we track for Gateway, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
47
CVEs tracked
5
Critical
28
High
1
In CISA KEV
Severity distribution
HIGH28MEDIUM14CRITICAL5
Monthly trend
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
1
0
0
0
1
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Gateway.
- CVE-2026-4368Race Condition leading to User Session Mixup8.8
- CVE-2025-12101Cross-Site Scripting (XSS)8.8
- CVE-2025-5777NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overreadKEV7.5
- CVE-2025-25294Envoy Gateway Log Injection Vulnerability5.3
- CVE-2022-27507Authenticated denial of service 6.5
- CVE-2022-27508Unauthenticated denial of service 7.5
- CVE-2019-18177In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 an...6.5
- CVE-2022-27516User login brute force protection functionality bypass 5.3
- CVE-2022-27510Unauthorized access to Gateway user capabilities 9.8
- CVE-2022-27513Remote desktop takeover via phishing8.3
- CVE-2022-38368An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.8.8
- CVE-2022-27509Unauthenticated redirection to a malicious website6.1
- CVE-2022-30792CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels7.5
- CVE-2022-30791CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections7.5
- CVE-2022-31805Insecure transmission of credentials7.5
Product normalization is registry-driven with AI assist and human review. How it works