Lucene search
K

26 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-0285

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS0.00487EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42676

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS6AI score0.00487EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS0.00487EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-0285

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS6AI score0.00487EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-0287

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS5.9AI score0.00534EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/06/11 12:32 a.m.12 views

EUVD-2026-36145

A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama,...

6.9CVSS5.5AI score0.00192EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/29 12:0 a.m.152 views

VulnCheck KEV: CVE-2026-0257

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...

9.1CVSS5.8AI score0.86678EPSS
In wildExploits11References10
Cvelist
Cvelist
added 2026/05/13 5:47 p.m.39 views

CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service DoS condition. Panorama, Cloud NGFW, and Prisma® Access...

9.2CVSS0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 5:40 p.m.36 views

CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service DoS condition all PAN-OS platforms except Cloud NGFW and Prisma Access or potentially execute arbitra...

9.2CVSS0.00408EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40754

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 10.2.7 PAN-OS version 10.2.8 PAN-OS version 10.2.9 PAN-OS version 10.2.10 PAN-OS version 10.2.11 Prisma Access affected versions not specified Description Authentication bypass flaws in the GlobalProtect portal and...

9.1CVSS6.4AI score0.86678EPSS
Exploits11References315
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.15 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software enable an authenticated administrator t...

8.6CVSS6AI score0.01336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40755

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description A server-side request forgery SSRF issue in the IKEv2 implementation allows an unauthenticated attacker to force the firewall to send network requests to unintended...

8.3CVSS5.8AI score0.00317EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.19 views

PT-2026-40758

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic. Panorama and Cloud NGFW are not impacted by these vulnerabilities...

8.7CVSS5.8AI score0.00338EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 1:31 a.m.6 views

CVE-2025-42701

A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...

5.6CVSS7.5AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2025/10/08 6:15 p.m.8 views

CVE-2025-42701

A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...

5.6CVSS0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.6 views

PT-2025-41294

Name of the Vulnerable Software and Affected Versions CrowdStrike Falcon sensor for Windows versions prior to 7.24 CrowdStrike Falcon sensor for Windows Long Term Visibility LTV sensors prior to 7.24 Description A race condition exists in the Falcon sensor for Windows that could allow an attacker...

5.6CVSS7.1AI score0.00122EPSS
Exploits0References17
OSV
OSV
added 2025/08/20 7:9 p.m.58 views

GHSA-GGJM-F3G4-RWMM n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

6.5CVSS7.2AI score0.00445EPSS
Exploits0References5
NVD
NVD
added 2025/04/08 8:15 a.m.7 views

CVE-2025-31333

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted...

4.3CVSS0.00268EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/10/08 4:15 a.m.11 views

CVE-2024-8926

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...

8.8CVSS6.8AI score0.03686EPSS
Exploits65References2
Prion
Prion
added 2022/07/25 4:15 p.m.25 views

Cross site scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

5.8CVSS6.7AI score0.03747EPSS
Exploits0References5Affected Software3
Rows per page
Query Builder