Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/05/13 6:18 p.m.51 views

CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...

6.9CVSS0.0028EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 6:28 p.m.64 views

CVE-2025-4615

The CVE-2025-4615 entry concerns Palo Alto Networks PAN-OS management web interface. An improper input neutralization vulnerability allows an authenticated administrator to bypass system restrictions and execute arbitrary commands. Affected PAN-OS versions are indicated in Nessus plugin reference...

7.2CVSS6.8AI score0.00737EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.5 views

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.12 / 11.2.x < 11.2.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.12, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...

4.8CVSS6AI score0.00225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/05/14 6:15 p.m.5 views

CVE-2025-0130

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...

8.2CVSS5.8AI score0.00358EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/05/14 6:15 p.m.4 views

CVE-2025-0130

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...

7.5CVSS5.8AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 6:15 p.m.40 views

CVE-2025-0130

A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...

8.2CVSS0.00358EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/02/19 12:0 a.m.6 views

The vulnerability in the web interface of the PAN-OS operating system of the Palo Alto Networks Panorama network switch management system allows a attacker to carry out cross-site scripting attacks.

The vulnerability of the PAN-OS operating system’s web interface in the Palo Alto Networks Panorama network switch management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks remote...

8.3CVSS6.5AI score0.00395EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.7 views

PT-2023-14675 · Xiongmaitech · Mbd6304T Firmware +1

exploit 1. CVE-2024-0012/CVE-2024-9474: Auth Bypass in PAN-OS Web Interface https://t.co/SgNOxX5gde 2. CVE-2025-23369: GitHub Entreprise Server SAML auth bypass https://t.co/iCGbLYz9rt 3. CVE-2022-45460: ROPing our way to RCE https://t.co/GzC2JZCb2N...

9.8CVSS8.2AI score0.99698EPSS
Exploits21References7
NVD
NVD
added 2021/09/08 5:15 p.m.23 views

CVE-2021-3054

A time-of-check to time-of-use TOCTOU race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-...

8.5CVSS0.00918EPSS
Exploits0References1
OSV
OSV
added 2021/08/11 5:15 p.m.4 views

CVE-2021-3045

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;...

4.9CVSS5.9AI score0.0079EPSS
Exploits0References1
OSV
OSV
added 2020/11/12 12:15 a.m.3 views

CVE-2020-2000

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than...

7.2CVSS7.3AI score0.03226EPSS
Exploits0References1
Prion
Prion
added 2020/02/12 11:15 p.m.18 views

Input validation

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...

6.5CVSS8.6AI score0.00998EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/07/03 9:29 p.m.6 views

CVE-2018-9337

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...

5.4CVSS5.9AI score0.0101EPSS
Exploits0References3
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:15 a.m.10 views

Command Injection in PAN-OS

A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. Ref PAN-81892 / CVE-2017-15940 PAN-OS contains a vulnerability that may allow for post authentication command injection This issue affects PAN-OS 6.1.1...

9.8CVSS7.5AI score0.0493EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/20 12:0 a.m.1 views

Palo Alto Networks Pan-OS Management Interface Cross-Site Scripting Vulnerability

PAN-OS is a security-specific operating system designed to control Palo Alto Networks' next-generation firewalls, providing a rich set of firewall, management, and network features. A cross-site scripting vulnerability exists in the Palo Alto Networks Pan-OS WEB management interface, which allows...

6AI score
Exploits0References1
Rows per page
Query Builder