CVE-2025-0104
- EPSS 0.34%
- Veröffentlicht 11.01.2025 03:15:22
- Zuletzt bearbeitet 23.01.2026 22:03:41
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious li...
CVE-2025-0105
- EPSS 12.96%
- Veröffentlicht 11.01.2025 03:15:22
- Zuletzt bearbeitet 23.01.2026 21:56:51
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.
CVE-2025-0106
- EPSS 0.47%
- Veröffentlicht 11.01.2025 03:15:22
- Zuletzt bearbeitet 23.01.2026 21:52:57
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.
CVE-2025-0107
- EPSS 77.65%
- Veröffentlicht 11.01.2025 03:15:22
- Zuletzt bearbeitet 23.01.2026 21:50:52
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device conf...
CVE-2024-3393
- EPSS 26.64%
- Veröffentlicht 27.12.2024 10:15:17
- Zuletzt bearbeitet 04.11.2025 16:49:18
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to t...
CVE-2024-9474
- EPSS 94.77%
- Veröffentlicht 18.11.2024 16:15:29
- Zuletzt bearbeitet 04.11.2025 16:49:14
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impact...
CVE-2024-0012
- EPSS 99.7%
- Veröffentlicht 18.11.2024 16:15:11
- Zuletzt bearbeitet 04.11.2025 16:49:23
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configur...
CVE-2024-5919
- EPSS 0.35%
- Veröffentlicht 14.11.2024 10:15:09
- Zuletzt bearbeitet 24.01.2025 16:06:00
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access...
CVE-2024-5920
- EPSS 0.29%
- Veröffentlicht 14.11.2024 10:15:09
- Zuletzt bearbeitet 24.01.2025 16:06:43
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS ...
CVE-2024-9472
- EPSS 0.43%
- Veröffentlicht 14.11.2024 10:15:09
- Zuletzt bearbeitet 15.04.2026 00:35:42
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending s...