Lucene search
K

35 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-0279

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

6.1CVSS0.0061EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-0279

PAN-OS 11.1.x before 11.1.16, 11.2.x before 11.2.13, and 12.1.x before 12.1.8 are affected by multiple cross-site scripting (XSS) flaws in the User-ID Authentication Portal (Captive Portal), GlobalProtect gateway/portal features, and Clientless VPN. An unauthenticated attacker can store or execut...

6.1CVSS5.4AI score0.0061EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42682

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS5.4AI score0.0061EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-0279

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS5.4AI score0.0061EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS0.0061EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-2625

Malware in sbrugna...

6.8CVSS6.2AI score0.05134EPSS
Exploits0References27
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-14899

Malicious code in bioql PyPI...

6.9CVSS6.3AI score0.45119EPSS
Exploits8References2
RedhatCVE
RedhatCVE
added 2025/05/16 7:7 p.m.58 views

CVE-2025-0133

A reflected cross-site scripting XSS vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

6.9CVSS5.5AI score0.45119EPSS
Exploits8References3
NVD
NVD
added 2025/05/14 7:15 p.m.42 views

CVE-2025-0133

A reflected cross-site scripting XSS vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

6.9CVSS0.45119EPSS
Exploits8References1
Vulnrichment
Vulnrichment
added 2025/05/14 6:7 p.m.92 views

CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal

A reflected cross-site scripting XSS vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

6.9CVSS5.5AI score0.45119EPSS
Exploits8References1
Cvelist
Cvelist
added 2025/05/14 6:7 p.m.27 views

CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal

A reflected cross-site scripting XSS vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

6.9CVSS0.45119EPSS
Exploits8References1
CVE
CVE
added 2025/05/14 6:7 p.m.129 views

CVE-2025-0133

PAN-OS CVE-2025-0133 describes a reflected XSS in the GlobalProtect gateway and portal, exploitable by an authenticated Captive Portal user via a specially crafted link to execute malicious JavaScript in the user’s browser. The primary risk is phishing/credential theft, with limited confidentiali...

6.9CVSS5.3AI score0.45119EPSS
Exploits8References1
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.18 views

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.11 / 11.2.x < 11.2.7 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.11, or 11.2.x prior to 11.2.7. It is, therefore, affected by a vulnerability. A reflected cross-site scripting XSS vulnerability in the GlobalProtect gateway and portal features of...

6.9CVSS5.5AI score0.45119EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2021/11/18 12:0 a.m.22 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.9 / 10.0.x < 10.0.1 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.20 or 9.0.x prior to 9.0.14 or 9.1.x prior to 9.1.9 or 10.0.x prior to 10.0.1. It is, therefore, affected by a vulnerability. - A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect...

8.8CVSS8.6AI score0.01488EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/11/18 12:0 a.m.6 views

The vulnerability of the Palo Alto Networks PAN-OS GlobalProtect Clientless VPN operating system allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the Palo Alto Networks PAN-OS GlobalProtect Clientless VPN operating system stems from buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...

8.8CVSS8.2AI score0.01488EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/11/10 5:15 p.m.21 views

Memory corruption

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.5CVSS8.9AI score0.01488EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/10 5:0 p.m.6 views

CVE-2021-3056

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...

8.8CVSS7.6AI score0.01488EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/11/12 12:15 a.m.22 views

Authentication flaw

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to...

6.4CVSS8.3AI score0.0102EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/07/02 12:0 a.m.27 views

Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability. - A cross-site scripting XSS vulnerability exists when visiting malicious websites...

7.1CVSS6.3AI score0.00834EPSS
Exploits0References3
OSV
OSV
added 2020/05/13 7:15 p.m.7 views

CVE-2020-2005

A cross-site scripting XSS vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0...

6.1CVSS5.7AI score0.00834EPSS
Exploits0References1
Rows per page
Query Builder