Lucene search
K

26 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-0279

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

6.1CVSS0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-0284

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS6AI score0.00448EPSS
Exploits0References2Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2026/05/14 7:15 p.m.11 views

CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS

Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticate...

9.2CVSS5.8AI score0.0044EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2026/05/13 5:47 p.m.9 views

CVE-2026-0263

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service DoS condition. Panorama, Cloud NGFW, and Prisma® Access...

9.2CVSS6.4AI score0.0031EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.16 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unauthenticated attacker with...

8.7CVSS5.9AI score0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 6:57 p.m.57 views

CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.3CVSS0.32074EPSS
Exploits6References1
ATTACKERKB
ATTACKERKB
added 2025/06/13 12:15 a.m.1 views

CVE-2025-4230

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this...

8.4CVSS6AI score0.00637EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of the SAML (Security Assertion Markup Language) technology in the PAN-OS operating system allows a perpetrator to increase their privileges.

The vulnerability of the SAML Security Assertion Markup Language technology in the PAN-OS operating system is related to improper session management. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

8.5CVSS5.4AI score0.0038EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.4 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which originates in the GlobalProtect feature, where an unauthenticated attacker sending a large number of specially...

8.2CVSS6.5AI score0.00382EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/26 12:0 a.m.7 views

The vulnerability of the GlobalProtect Portal operating system PAN-OS allows a hacker to bypass security restrictions.

The vulnerability of the GlobalProtect Portal operating system PAN-OS is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions from a remote location...

7.4CVSS7.1AI score0.00322EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2025/01/14 12:0 a.m.7 views

Palo-Alto Firewall Denial of Service

Simple proof of concept script that aims to attack the firewall on certain vulnerable versions of Palo Alto's PAN OS via malicious DNS queries. A successful attack will force the firewall to crash and enter maintenance mode...

8.7CVSS6.9AI score0.26636EPSS
Exploits0
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.5 views

Palo Alto Networks PAN-OS 代码问题漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A code issue vulnerability exists in Palo Alto Networks PAN-OS, which stems from a null pointer dereference vulnerability in the GlobalProtect gateway, which allows an attacker to...

8.7CVSS7.3AI score0.0051EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.7 views

PT-2024-7399 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: PAN-OS affected versions not specified Description: The issue is related to insecure privilege management in the PAN-OS software. It allows a remote attacker to escalate their privileges. An authenticated administrator with restricted...

6.5CVSS6.8AI score0.00282EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/02/20 12:0 a.m.9 views

The vulnerability of GlobalProtect Gateways’ operating system, PAN-OS, allows a hacker to establish a VPN connection from an unauthorized IP address.

The vulnerability of GlobalProtect Gateways’ operating system, PAN-OS, is related to insufficient verification of the connection source. Exploiting this vulnerability allows a malicious actor to establish a VPN connection from an unauthorized IP address...

7.5CVSS6.5AI score0.00179EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/14 6:15 p.m.6 views

CVE-2024-0010

A reflected cross-site scripting XSS vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential...

6.1CVSS5.8AI score0.00509EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/01/06 12:0 a.m.8 views

The vulnerability of the application software interface of the operating system PAN-OS allows a perpetrator to execute arbitrary code.

The vulnerability of the application programming interface of the PAN-OS operating system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

6.8CVSS7.2AI score0.01145EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.6 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in the Palo Alto Networks PAN-OS software that could inadvertently allow or block more URLs than intended, and allowing more URLs than intended poses...

6.5CVSS6.5AI score0.00663EPSS
Exploits0References4
OSV
OSV
added 2021/11/10 5:15 p.m.9 views

CVE-2021-3060

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

8.1CVSS6.1AI score0.33875EPSS
Exploits1References3
OSV
OSV
added 2020/09/09 5:15 p.m.3 views

CVE-2020-2038

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlie...

7.2CVSS7.3AI score0.86086EPSS
Exploits7References3
Rows per page
Query Builder