Lucene search
+L

2857 matches found

nuclei
nuclei
added 6 hours ago61 views

Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

9.8CVSS7.1AI score0.77653EPSS
Exploits0References3
nuclei
nuclei
added 6 hours ago119 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7AI score0.2389EPSS
Exploits0References5
nuclei
nuclei
added 3 days ago287 views

PAN-OS Management Interface - Path Confusion to Authentication Bypass

A vulnerability in PAN-OS management interface allows authentication bypass through path confusion between Nginx and Apache handlers.The issue occurs due to differences in path processing between Nginx and Apache, where double URL encoding combined with directory traversal can bypass authenticati...

9.1CVSS7.1AI score0.98417EPSS
Exploits8References1
euvd
euvd
added last week8 views

EUVD-2026-42691

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS6AI score0.00112EPSS
Exploits0References1
nvd
nvd
added last week10 views

CVE-2026-0287

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS0.00587EPSS
Exploits0References1
nvd
nvd
added last week8 views

CVE-2026-0283

An authentication bypass vulnerability in Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not...

7.8CVSS0.00338EPSS
Exploits0References1
nvd
nvd
added last week7 views

CVE-2026-0281

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

7.1CVSS0.00278EPSS
Exploits0References1
nvd
nvd
added last week7 views

CVE-2026-0280

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted...

7.2CVSS0.00303EPSS
Exploits0References1
euvd
euvd
added last week12 views

EUVD-2026-42681

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted...

6.3CVSS6AI score0.00303EPSS
Exploits0References1
attackerkb
attackerkb
added last week6 views

CVE-2026-0280

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted...

6.3CVSS6AI score0.00303EPSS
Exploits0References2Affected Software2
cvelist
cvelist
added last week44 views

CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted...

6.3CVSS0.00303EPSS
Exploits0References1
cve
cve
added last week12 views

CVE-2026-0281

CVE-2026-0281 describes an information-disclosure vulnerability in Palo Alto Networks PAN-OS. An unauthenticated attacker with network access to the management web interface can obtain web session tokens, but exploitation requires a legitimate user to click a malicious link. Affected products inc...

7.1CVSS6AI score0.00278EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added last week8 views

CVE-2026-0281

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

5.9CVSS6AI score0.00278EPSS
Exploits0References2Affected Software1
cve
cve
added last week16 views

CVE-2026-0282

CVE-2026-0282 describes a file deletion vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. Affected are PAN-OS on PA-Series and VM-Series firewalls and Panorama (virtual...

6.9CVSS6AI score0.00288EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added last week36 views

CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN)

An authentication bypass vulnerability in Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not...

7.8CVSS0.00338EPSS
Exploits0References1
cve
cve
added last week29 views

CVE-2026-0283

CVE-2026-0283 concerns Palo Alto Networks PAN-OS Large Scale VPN (LSVPN). The vulnerability is an authentication bypass in LSVPN that could allow an attacker with network access to bypass restrictions and establish an unauthorized site-to-site VPN. Public write-ups reference PAN-OS versions 10.2....

7.8CVSS6AI score0.00338EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added last week8 views

CVE-2026-0284

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS6AI score0.00448EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added last week5 views

CVE-2026-0286

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS6.2AI score0.014EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added last week35 views

CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS0.014EPSS
Exploits0References1
euvd
euvd
added last week7 views

EUVD-2026-42675

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS6.2AI score0.014EPSS
Exploits0References1
Rows per page
Query Builder