34 matches found
CVE-2026-0285
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
EUVD-2026-42680
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...
EUVD-2020-22034
Malware in sbrugna...
EUVD-2020-22043
Malware in sbrugna...
EUVD-2020-22063
Malware in sbrugna...
EUVD-2020-12780
Malware in sbrugna...
EUVD-2020-22057
Malware in sbrugna...
CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...
About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability
About Authentication Bypass - PAN-OS CVE-2025-0108 vulnerability. PAN-OS is the operating system used in all Palo Alto Network NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then "invoke certain PHP scripts",...
CVE-2025-0109
An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...
CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by...
CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PH...
PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...
CVE-2024-0008
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access...
PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Date: 2022-08-13 Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038...
CVE-2020-2042
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1...
CVE-2020-2036
A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...
CVE-2020-2036
A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...
CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface
A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...
PT-2020-15262 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: PAN-OS versions prior to 9.0.10 PAN-OS versions prior to 9.1.4 PAN-OS versions prior to 10.0.1 Description: The issue is an OS Command Injection vulnerability in the management interface, allowing authenticated administrators to execute...