CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/13 8:23 p.m.•7 views

CVE-2026-44869

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

8.8CVSS6.1AI score0.00896EPSS

RedhatCVE•added 2026/05/13 8:23 p.m.•6 views

CVE-2026-44872

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...

7.2CVSS6AI score0.00815EPSS

RedhatCVE•added 2026/05/13 8:23 p.m.•4 views

CVE-2026-44866

8.8CVSS6.1AI score0.00896EPSS

RedhatCVE•added 2026/05/13 8:23 p.m.•5 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS

NVD•added 2026/05/13 7:17 p.m.•3 views

CVE-2026-0256

A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...

6.9CVSS0.0028EPSS

CVE•added 2026/05/13 6:18 p.m.•20 views

CVE-2026-0256

CVE-2026-0256 describes a stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software that allows a malicious authenticated administrator to store a JavaScript payload via the web interface. Affected products include PAN-OS on PA-Series and VM-Series firewalls and Panora...

ATTACKERKB•added 2026/05/13 6:18 p.m.•6 views

CVE-2026-0256

5.7AI score0.0028EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/13 6:18 p.m.•4 views

CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE•added 2026/05/13 5:59 p.m.•21 views

CVE-2026-0261

CVE-2026-0261 describes multiple command injection vulnerabilities in PAN-OS that allow an authenticated administrator to bypass system restrictions and execute arbitrary commands as root. Exploitation requires access to the PAN-OS CLI or Web UI. Affected products include PAN-OS running on PA-Ser...

8.6CVSS5.9AI score0.01336EPSS

CNNVD•added 2026/05/13 12:0 a.m.•5 views

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting issue. This vulnerability could allow malicious authenticated...

6.9CVSS5.6AI score0.0028EPSS

CNNVD•added 2026/05/13 12:0 a.m.•6 views

Garmin WDU 安全漏洞

Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic equipment. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from allowing reflective cross-site scripting attacks...

5CVSS5.9AI score0.0014EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•8 views

PT-2026-40753

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description A stored cross-site scripting XSS issue in the web interface allows an authenticated administrator to store a JavaScript payload. This affects PA-Series and VM-Series firewalls, as well as...

Tenable Nessus•added 2026/05/13 12:0 a.m.•6 views

Exploits0References5

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated...

NVD•added 2026/05/12 10:16 p.m.•7 views

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

9.9CVSS0.00318EPSS

Exploits1References1

EUVD•added 2026/05/12 9:31 p.m.•8 views

EUVD-2026-29817

7.2CVSS6.1AI score0.00896EPSS

EUVD•added 2026/05/12 9:31 p.m.•6 views

EUVD-2026-29823

4.9CVSS5.8AI score0.00305EPSS

EUVD•added 2026/05/12 9:31 p.m.•6 views

EUVD-2026-29816

7.2CVSS6.1AI score0.00896EPSS

EUVD•added 2026/05/12 9:31 p.m.•11 views

EUVD-2026-29815

7.2CVSS6.1AI score0.00918EPSS

EUVD•added 2026/05/12 9:31 p.m.•7 views

EUVD-2026-29734

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

8.8CVSS6.2AI score0.0027EPSS