CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

192 matches found

Palo Alto Expedition - Admin Account Takeover

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. id: CVE-2024-5910 info: name: Palo Alto Expedition - Admin Account Takeover author: johnk3r severity: critical...

9.8CVSS7.5AI score0.91029EPSS

Exploits9References3

Nuclei•added yesterday•37 views

Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

9.8CVSS7.6AI score0.81649EPSS

Exploits0References3

Nuclei•added 2026/05/28 5:39 a.m.•58 views

PaloAlto Networks Expedition - Remote Code Execution

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. id: CVE-2024-946...

9.9CVSS7.6AI score0.94199EPSS

Exploits0References4

Nuclei•added 2026/05/28 5:39 a.m.•48 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS7.7AI score0.94286EPSS

Exploits3References4

RedhatCVE•added 2026/05/05 8:21 p.m.•3 views

CVE-2026-7688

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00024EPSS

Exploits0References1

Github Security Blog•added 2026/05/03 12:30 p.m.•4 views

Dolibarr has an Injection issue

5CVSS5.4AI score0.00024EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/03 12:30 p.m.•1 views

GHSA-RVWR-Q5HJ-WQ7G Dolibarr has an Injection issue

5CVSS5.4AI score0.00024EPSS

Exploits0References5

CVE•added 2026/05/03 9:15 a.m.•12 views

CVE-2026-7688

Dolibarr ERP CRM (up to 23.0.2) contains a SQL injection in Shipments API Endpoint, via _checkValForAPI in htdocs/expedition/class/expedition.class.php. The vulnerability allows remote access with high attack complexity and LOW impact on confidentiality/integrity/availability; exploit maturity is...

5CVSS5.5AI score0.00024EPSS

Exploits0References3