Lucene search
K

34 matches found

NVD
NVD
added yesterday6 views

CVE-2026-0285

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-42680

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

5.9CVSS6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-22034

Malware in sbrugna...

9CVSS8.7AI score0.01895EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-22043

Malware in sbrugna...

9CVSS8.7AI score0.01911EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-22063

Malware in sbrugna...

9CVSS6.9AI score0.0356EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-12780

Malware in sbrugna...

9CVSS7AI score0.02132EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-22057

Malware in sbrugna...

6.8CVSS5.1AI score0.01135EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/11 1:57 a.m.7 views

CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...

8.3CVSS6.5AI score0.00354EPSS
Exploits0References1
Information Security Automation
Information Security Automation
added 2025/02/27 10:32 a.m.24 views

About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability

About Authentication Bypass - PAN-OS CVE-2025-0108 vulnerability. PAN-OS is the operating system used in all Palo Alto Network NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then "invoke certain PHP scripts",...

5.9CVSS8.6AI score0.98338EPSS
Exploits22
NVD
NVD
added 2025/02/12 9:15 p.m.19 views

CVE-2025-0109

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...

6.9CVSS0.00582EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 8:58 p.m.51 views

CVE-2025-0111 PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by...

7.1CVSS0.01862EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 8:55 p.m.13 views

CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PH...

8.8CVSS8.1AI score0.98338EPSS
Exploits8References1
Palo Alto Networks
Palo Alto Networks
added 2025/02/12 5:0 p.m.23 views

PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...

2.1CVSS6.8AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2024/02/14 6:15 p.m.6 views

CVE-2024-0008

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access...

8.8CVSS5.8AI score0.00503EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2022/08/09 12:0 a.m.565 views

PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Date: 2022-08-13 Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038...

9CVSS6.9AI score0.86086EPSS
Exploits7
NVD
NVD
added 2020/09/09 5:15 p.m.20 views

CVE-2020-2042

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1...

9CVSS0.02302EPSS
Exploits0References1
OSV
OSV
added 2020/09/09 5:15 p.m.5 views

CVE-2020-2036

A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...

8.8CVSS7.5AI score0.2389EPSS
Exploits0References1
NVD
NVD
added 2020/09/09 5:15 p.m.20 views

CVE-2020-2036

A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...

8.8CVSS0.2389EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/09 4:45 p.m.27 views

CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface

A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...

8.8CVSS7.7AI score0.2389EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/09 12:0 a.m.5 views

PT-2020-15262 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: PAN-OS versions prior to 9.0.10 PAN-OS versions prior to 9.1.4 PAN-OS versions prior to 10.0.1 Description: The issue is an OS Command Injection vulnerability in the management interface, allowing authenticated administrators to execute...

9CVSS7.3AI score0.86086EPSS
Exploits7References9
Rows per page
Query Builder