paloaltonetworks

348 tracked vulnerabilities.

CVE-2025-0114 HIGH
Palo Alto Networks PAN-OS >= 10.1.0 < 10.1.14 - Unauthenticated Denial of Service via GlobalProtect Packet Flood
Mar 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-0111 MEDIUM KEV
Palo Alto Networks PAN-OS - Info Disclosure
Feb 12, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-0108 CRITICAL KEVNUCLEI
Palo Alto Networks PAN-OS - Auth Bypass
Feb 12, 2025
CVSS 9.1
EPSS 0.98
CVE-2025-0107 CRITICAL NUCLEI
Palo Alto Networks Expedition - Command Injection
Jan 11, 2025
CVSS 9.8
EPSS 0.78
CVE-2025-0106 MEDIUM
Palo Alto Networks Expedition - Info Disclosure
Jan 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-0105 CRITICAL
Palo Alto Networks Expedition - Info Disclosure
Jan 11, 2025
CVSS 9.1
EPSS 0.13
CVE-2025-0104 MEDIUM
Palo Alto Networks Expedition - XSS
Jan 11, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-0103 HIGH
Palo Alto Networks Expedition - SQL Injection
Jan 11, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-3393 HIGH KEV
Palo Alto Networks PAN-OS >= 11.1.0 < 11.1.1 - Unauthenticated Denial of Service via Malicious DNS Packet
Dec 27, 2024
CVSS 7.5
EPSS 0.27
CVE-2024-5921 HIGH
Palo Alto Networks GlobalProtect - Improper Certificate Validation
Nov 27, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-9474 HIGH KEVNUCLEI
PAN-OS >=10.1.0 <10.1.14 - Authenticated Privilege Escalation to Root via Management Interface
Nov 18, 2024
CVSS 7.2
EPSS 0.95
CVE-2024-0012 CRITICAL KEVNUCLEI
Palo Alto Networks PAN-OS 10.2 11.0 11.1 11.2 - Unauthenticated Authentication Bypass
Nov 18, 2024
CVSS 9.8
EPSS 1.00
CVE-2024-5920 MEDIUM
Palo Alto Networks PAN-OS 10.1.0-10.1.13 - Authenticated Stored Cross-Site Scripting via Configuration Push
Nov 14, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-5919 MEDIUM
PAN-OS 10.1.0-10.1.9 - Authenticated XML External Entity Injection
Nov 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-5918 MEDIUM
Palo Alto Networks PAN-OS - Improper Certificate Validation in GlobalProtect Portal/Gateway
Nov 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-5917 MEDIUM
PAN-OS 10.1.0-10.1.6 - Authenticated Server-Side Request Forgery via Administrative Web Interface
Nov 14, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-2552 MEDIUM
PAN-OS >=10.2.0 <10.2.7 - Authenticated Command Injection via Management Plane
Nov 14, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-2551 HIGH
Palo Alto Networks PAN-OS 10.1.0-10.1.13 - Unauthenticated Denial of Service via Crafted Data Plane Packet
Nov 14, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-2550 HIGH
Palo Alto Networks PAN-OS 10.2.0-10.2.6 DoS via GlobalProtect Gateway Null Pointer Dereference
Nov 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-9473 HIGH
Palo Alto Networks GlobalProtect - Privilege Escalation via MSI Installer Repair Functionality
Oct 09, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-9471 MEDIUM
Palo Alto Networks PAN-OS 9.0.0-9.9.9 - Authenticated Privilege Escalation via XML API Key Misuse
Oct 09, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-9469 MEDIUM
Cortex XDR Agent 7.9-7.9.101 - Detection Mechanism Bypass via Non-Administrative Privileges
Oct 09, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-9468 HIGH
Palo Alto Networks PAN-OS >= 10.2.0 < 10.2.4 - Unauthenticated Denial of Service via Crafted Data Plane Packet
Oct 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-9467 MEDIUM
Palo Alto Networks Expedition 1.2.0-1.2.95 - Reflected Cross-Site Scripting
Oct 09, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-9466 MEDIUM
Palo Alto Networks Expedition 1.2.0-1.2.95 - Authenticated Sensitive Information Disclosure in Log Files
Oct 09, 2024
CVSS 6.5
EPSS 0.11