Lucene search
K

529 matches found

CVE
CVE
added 2026/06/10 8:40 p.m.30 views

CVE-2026-0268

Prisma Access Agent for Linux contains a local authentication bypass that enables a local attacker to route traffic outside the VPN tunnel. The issue is limited to Linux; Windows, macOS, iOS, Android, and ChromeOS variants are not affected. The CVE entry notes a local attack vector with low privi...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48529

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.20 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass...

8.6CVSS5.7AI score0.01187EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Palo Alto Networks Prisma Access Agent 安全漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent for Linux, which stems from an issue related to privilege escalation. This vulnerability may allow...

8.5CVSS5.5AI score0.00109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48558

A privilege escalation PE vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

8.5CVSS5.7AI score0.00109EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Palo Alto Networks Prisma Access Agent for Linux 安全漏洞

Palo Alto Networks Prisma Access Agent for Linux is a Linux terminal security access client provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Access Agent for Linux, which stems from a security control bypass. This vulnerability could allow local...

6.9CVSS5.3AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 4:7 p.m.14 views

MAL-2026-5386 Malicious code in @0xlr/prisma-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b993c29d90c2ecfffaa9ed55b99c38e5351052e619b79ad2a385d6c72376f0f4 On npm install, postinstall.js enumerates all of process.env, collects hostname, username, homedir, cwd, argv, platform/arch/release, memory and CPU...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-0247

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

8.5CVSS5.6AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-0245

Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected...

6.8CVSS5.5AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-0256

A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0246

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code an...

8.5CVSS5.9AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0248

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

8.6CVSS5.5AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-0244

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle MitM attacker to impersonate the controller...

7.7CVSS5.5AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-0237

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

7.3CVSS5.5AI score0.00149EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/30 6:41 a.m.18 views

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 CVSS score: 7.8, refers to a case of authentication bypass that could be exploited b...

9.1CVSS5.9AI score0.86678EPSS
Exploits11
OSV
OSV
added 2026/05/22 4:50 p.m.8 views

MAL-2026-4646 Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

6AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.20 views

Refusal Evaluation in Coding LLMs and Code Agents: A Systematic Review of Thirteen Malicious-Code Prompt Corpora (2023-2025)

The evaluation of large language model refusal on malicious-coding tasks now spans at least thirteen publicly released prompt corpora AdvBench, the CyberSecEval family, RMCBench, RedCode, MCGMark, JailbreakBench, CySecBench, MalwareBench, CIRCLE, MOCHA, ASTRA, Scam2Prompt / Innoc2Scam-bench, and...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 a.m.13 views

CVE-2026-0236

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

7.3CVSS5.9AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.11 views

CVE-2026-0235

A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...

5.8CVSS5.8AI score0.00173EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.15 views

Palo Alto Prisma Access Agent 25.x / 26.x < 26.2.1 Authentication Bypass (CVE-2026-0247)

The version of Palo Alto Networks Prisma Access Agent installed on the remote host is 25.x or 26.x prior to 26.2.1. It is, therefore, affected by an authentication bypass vulnerability: - Multiple authorization bypass vulnerabilities in the Endpoint DLP component allow a local attacker to bypass...

8.5CVSS5.9AI score0.00166EPSS
Exploits0References2
Rows per page
Query Builder