472 matches found
CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...
CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...
Palo Alto Networks PAN-OS 11.1.x < 11.1.16 / 11.2.x < 11.2.13 / 12.1.x < 12.1.8 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 11.1.x prior to 11.1.16, 11.2.x prior to 11.2.13, or 12.1.x prior to 12.1.8. It is, therefore, affected by a vulnerability. Multiple cross site scripting vulnerabilities in the User-ID Authentication Portal aka Captive Portal...
CVE-2026-8480
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...
CVE-2026-25620
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
CVE-2026-25622
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
CVE-2026-25622
CVE-2026-25622 affects Arista Edge Threat Management NGFW. A Captive Portal Custom Handler command injection exists where an administrative user logged into the UI can exploit input handling to execute arbitrary shell commands on the platform. Affected: NGFW versions up to 17.4.0 (per Arista advi...
CVE-2026-25622 Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
EUVD-2026-34907
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
CVE-2026-25622
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
CVE-2026-25622 Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
CVE-2026-25620 Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
CVE-2026-25620
The CVE-2026-25620 issue affects Arista Edge Threat Management NGFW (Captive Portal) in version 17.4.0 and earlier. It is a command injection vulnerability within the Captive Portal application framework that can be triggered by actions performed via the NGFW UI, requiring administrative access. ...
CVE-2026-25620
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
EUVD-2026-34903
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
CVE-2026-25620 Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
PT-2026-47045
Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW version 17.4.0 Description An encrypted password command injection vulnerability exists in the Captive Portal application framework. Command injection is a flaw that allows a...
Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞
Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...
Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞
Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. Version...
CVE-2026-48133 Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway...