73 matches found
Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. id: CVE-2018-10141 info: name: Palo Alto Networks PAN-OS GlobalProtect 8.1.4 - Cross-Site Scripting autho...
PT-2026-45209
CVE-2026-0142 does not exist. No NVD record, no CISA KEV entry, no published advisory. The identifier follows valid CVE format but carries nothing behind it — no CVSS score, no affected product, no CNA assignment. If a vendor, scanner, or third-party report handed you that number, the source...
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. id: CVE-2017-15944 info: name: Palo Alto Network PAN-OS - Remote Code Execution...
PAN-OS Management Web Interface - Command Injection
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. id: CVE-2024-9474 info...
Exploit for Out-of-bounds Write in Paloaltonetworks Pan-Os
No d...
CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
CVE-2026-0257
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
CVE-2026-0264
CVE-2026-0264 describes a heap-based buffer overflow in Palo Alto Networks PAN-OS DNS proxy and DNS Server features. An unauthenticated attacker with network access can cause a DoS on all PAN-OS platforms (except Panorama, Cloud NGFW, Prisma Access) and potentially achieve arbitrary code executio...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN- OS software...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software enable an authenticated administrator t...
Exploit for CVE-2025-0133
CVE-2025-0133 Palo Alto PAN-OS reflected XSS in the GlobalPro...
EUVD-2026-27879
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-0300link is external Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
CVE-2026-0228
Technical details about CVE-2026-0228 are not publicly provided in the supplied documents. Monitor for updates from Palo Alto Networks or other sources for affected products, impact, and remediation.
CVE-2025-4615
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...
CVE-2025-4615
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...
CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...
Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.6-h21 / 11.1.7-10.x < 11.1.10-h7 / 11.2.x < 11.2.8 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.6-h21, 11.1.7-10.x prior to 11.1.10-h7, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An improper input neutralization vulnerability in the management w...
CVE-2025-4231
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...