cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0103,https://securityvulnerability.io/vulnerability/CVE-2025-0103,SQL Injection Vulnerability in Palo Alto Networks Expedition,"An SQL injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to access sensitive database information. This includes revealing password hashes, usernames, device configurations, and API keys. Moreover, the flaw can be exploited to create and read arbitrary files on the Expedition system, further compromising its integrity and security. It is crucial for users of Expedition to apply security patches and follow best practices to mitigate this risk.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",9.2,CRITICAL,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:04.000Z,false,false,false,,2025-01-11T03:15:00.000Z,71
CVE-2025-0107,https://securityvulnerability.io/vulnerability/CVE-2025-0107,OS Command Injection Vulnerability in Palo Alto Networks Expedition,"An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to execute arbitrary OS commands with the privileges of the www-data user. This can lead to serious security breaches, including unauthorized access to usernames, cleartext passwords, configuration files for devices, and API keys used for managing firewalls running PAN-OS software.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",7.7,HIGH,0.0004299999854993075,false,,true,false,true,2025-01-11T07:15:05.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2025-0104,https://securityvulnerability.io/vulnerability/CVE-2025-0104,Reflected Cross-Site Scripting Vulnerability in Palo Alto Networks Expedition,"A reflected cross-site scripting vulnerability exists in Palo Alto Networks Expedition that permits attackers to execute malicious JavaScript code. This can occur when an authenticated user clicks on a specially crafted link, resulting in potential phishing attacks and the theft of their browser session. This vulnerability highlights the importance of user caution and proactive security measures to mitigate the risks associated with online threats.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",7,HIGH,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:04.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2025-0106,https://securityvulnerability.io/vulnerability/CVE-2025-0106,Wildcard Expansion Vulnerability in Palo Alto Networks Expedition,"A wildcard expansion vulnerability exists in Palo Alto Networks Expedition, which allows unauthenticated attackers to enumerate files on the host filesystem. This weakness could potentially lead to exposing sensitive information and escalate further attacks on the system. It is vital for users of Expedition to review security advisories and implement recommended patches to mitigate this risk.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",6.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:05.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2025-0105,https://securityvulnerability.io/vulnerability/CVE-2025-0105,Arbitrary File Deletion Vulnerability in Palo Alto Networks Expedition,"An arbitrary file deletion vulnerability in Palo Alto Networks Expedition permits an unauthenticated attacker to delete files that are accessible to the www-data user on the host filesystem. This flaw could potentially be exploited to compromise the integrity of the system, allowing unauthorized manipulation of files critical to the operation of the affected application.",Palo Alto Networks,"Cloud Ngfw,Expedition,Panorama,Pan-os,Prisma Access",6.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-11T07:15:04.000Z,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2024-3393,https://securityvulnerability.io/vulnerability/CVE-2024-3393,Denial of Service Vulnerability in Palo Alto Networks PAN-OS Software,"A vulnerability exists within the DNS Security functionality of Palo Alto Networks PAN-OS software, which could be exploited by an unauthenticated attacker. By sending a carefully crafted malicious packet through the data plane of the firewall, the attacker can cause the firewall to reboot. If this malicious condition is triggered repeatedly, the affected firewall may ultimately enter maintenance mode, interrupting service availability. This poses a significant risk to customers relying on seamless and continuous network operations.",Palo Alto Networks,"Cloud Ngfw,Pan-os",7.1,HIGH,0.007829999551177025,true,2024-12-30T00:00:00.000Z,false,false,true,2024-12-27T09:44:24.538Z,true,true,true,2024-12-31T14:52:02.414Z,2024-12-27T09:44:24.538Z,5822
CVE-2024-5921,https://securityvulnerability.io/vulnerability/CVE-2024-5921,Insufficient Certification Validation in Palo Alto Networks GlobalProtect Application,"Two critical vulnerabilities were discovered in the Palo Alto Networks GlobalProtect VPN app and the SonicWall SMA100 NetExtender VPN client for Windows. The vulnerability in the GlobalProtect app allows attackers to install malicious code with elevated privileges, while the vulnerability in the SonicWall client enables remote code execution with system privileges. Both vulnerabilities require the victim to connect to a malicious VPN server, which can be achieved through social engineering. The impact of these vulnerabilities is severe, and researchers have developed tools to demonstrate the attack methods. Mitigations and patches have been released for these vulnerabilities, but it is important for organizations to promptly address the issue to prevent potential exploitation.",Palo Alto Networks,"Globalprotect App,Globalprotect UWP App,Globalprotect iOS App",,,0.00044999999227002263,false,,true,false,true,2024-11-27T03:50:13.000Z,true,false,false,,2024-11-27T03:50:13.596Z,0
CVE-2024-9474,https://securityvulnerability.io/vulnerability/CVE-2024-9474,Palo Alto Networks PAN-OS Privilege Escalation Vulnerability Affects Firewall,"A privilege escalation vulnerability exists in Palo Alto Networks PAN-OS software, allowing an administrator with access to the management web interface to execute actions on the firewall with heightened root privileges. This could potentially lead to unauthorized control and management of the firewall, exposing the organization to a range of security threats. It is important to note that cloud-based NGFW and Prisma Access solutions remain unaffected by this vulnerability.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",7.2,HIGH,0.9747999906539917,true,2024-11-18T00:00:00.000Z,true,false,true,2024-11-18T00:00:00.000Z,true,true,false,,2024-11-18T15:48:23.405Z,3897
CVE-2024-0012,https://securityvulnerability.io/vulnerability/CVE-2024-0012,Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software,"An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS software, allowing an attacker with network access to the management web interface to obtain administrator privileges without proper credentials. Exploiters can manipulate configuration settings and may take advantage of additional privilege escalation vulnerabilities. While the risk of unauthorized access can be mitigated by implementing access controls that restrict management web interface access to trusted internal IPs, adherence to recommended security practices is crucial to safeguarding the infrastructure. Notably, Cloud NGFW and Prisma Access are not affected by this vulnerability, which specifically impacts PAN-OS versions 10.2, 11.0, 11.1, and 11.2.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",9.8,CRITICAL,0.969980001449585,true,2024-11-18T00:00:00.000Z,true,true,true,2024-11-18T00:00:00.000Z,true,true,true,2024-11-20T18:52:02.071Z,2024-11-18T15:47:41.407Z,24021
CVE-2024-2550,https://securityvulnerability.io/vulnerability/CVE-2024-2550,Unauthorized Access to GlobalProtect Service through Null Pointer Dereference Vulnerability,"A null pointer dereference vulnerability in the GlobalProtect gateway of Palo Alto Networks PAN-OS allows unauthenticated individuals to execute a denial of service (DoS) attack. This is achieved by sending specifically crafted packets that can cause the GlobalProtect service to fail. The repeated initiation of this attack can lead to the firewall entering maintenance mode, disrupting network services and necessitating administrative intervention.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-14T09:40:38.838Z,0
CVE-2024-5920,https://securityvulnerability.io/vulnerability/CVE-2024-5920,Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks,A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.,Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-14T09:40:14.513Z,0
CVE-2024-5917,https://securityvulnerability.io/vulnerability/CVE-2024-5917,Unauthenticated Server-Side Request Forgery Attack on PAN-OS Software Allows Proxy Access to Internal Network Resources,"A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.",Palo Alto Networks,"Cloud Ngfw,Pan-os",2.1,LOW,0.0004900000058114529,false,,false,false,true,2025-01-15T23:15:14.000Z,,false,false,,2024-11-14T09:39:40.266Z,0
CVE-2024-2552,https://securityvulnerability.io/vulnerability/CVE-2024-2552,Palo Alto Networks PAN-OS Command Injection Vulnerability Allows Administrator Deletions,A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.,Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-14T09:39:06.523Z,0
CVE-2024-5918,https://securityvulnerability.io/vulnerability/CVE-2024-5918,Improper Certificate Validation Vulnerability in Palo Alto Networks PAN-OS Software,"An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you ""Allow Authentication with User Credentials OR Client Certificate.""",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-14T09:38:29.319Z,0
CVE-2024-5919,https://securityvulnerability.io/vulnerability/CVE-2024-5919,Blind XML External Entities Injection Vulnerability Allows File Exfiltration,A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.,Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-11-14T09:36:46.390Z,0
CVE-2024-2551,https://securityvulnerability.io/vulnerability/CVE-2024-2551,Unauthenticated Null Pointer Dereference Vulnerability Leads to DoS Condition and Maintenance Mode,"A null pointer dereference vulnerability in Palo Alto Networks PAN-OS can allow unauthenticated attackers to disrupt core system services on the firewall. By sending specially crafted packets through the data plane, attackers can trigger a denial of service (DoS) condition. If exploited repeatedly, this vulnerability may cause the firewall to enter maintenance mode, leading to severe system disruptions. It is essential for organizations using affected versions of PAN-OS to apply timely updates and mitigate risks associated with this vulnerability.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-14T09:36:09.876Z,0
CVE-2024-9472,https://securityvulnerability.io/vulnerability/CVE-2024-9472,Palo Alto Networks PAN-OS Software Under Denial of Service Attack via Null Pointer Dereference,"A vulnerability exists in Palo Alto Networks PAN-OS software that affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms. When the Decryption policy is enabled, a null pointer dereference could be exploited by unauthenticated attackers to crash the PAN-OS system. This flaw results in a denial of service condition, which may cause the system to enter maintenance mode after repeated attempts to exploit the vulnerability. Notably, the VM-Series, Cloud NGFW, and Prisma Access products are not impacted by this issue. The affected versions of PAN-OS are as follows: 10.2.7-h12, 10.2.8-h10, 10.2.9-h9, 10.2.9-h11, 10.2.10-h2, 10.2.10-h3, 10.2.11, 10.2.11-h1, 10.2.11-h2, 10.2.11-h3, 11.1.2-h9, 11.1.2-h12, 11.1.3-h2, 11.1.3-h4, 11.1.3-h6, 11.2.2, and 11.2.2-h1.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-14T09:34:22.665Z,0
CVE-2024-9469,https://securityvulnerability.io/vulnerability/CVE-2024-9469,Cortex XDR Agent: Local Windows User Can Disable the Agent,A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.,Palo Alto Networks,Cortex Xdr Agent,5.5,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-10-10T18:15:16.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9467,https://securityvulnerability.io/vulnerability/CVE-2024-9467,Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure,"A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.",Palo Alto Networks,Expedition,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-10-18T12:15:06.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9470,https://securityvulnerability.io/vulnerability/CVE-2024-9470,Cortex XSOAR: Information Disclosure Vulnerability,A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.,Palo Alto Networks,Cortex Xsoar,,,0.0004299999854993075,false,,false,false,true,2024-10-10T18:15:16.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9463,https://securityvulnerability.io/vulnerability/CVE-2024-9463,Palo Alto Networks Expedition OS Command Injection Vulnerability,"The Palo Alto Networks Expedition tool has multiple critical vulnerabilities (CVE-2024-9463 to CVE-2024-9467) including OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting. These vulnerabilities can result in unauthorized access, credential theft, and administrative takeover. The vulnerabilities affect all versions of Expedition below 1.2.96, and urgent patching is recommended. The potential impact of exploitation includes disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, with the risk of sensitive data theft. There are no known exploits by ransomware groups at this time, but proactive measures such as upgrading to the latest version of Expedition, limiting network access, rotating credentials, and monitoring access logs are advised to minimize the risk of exploitation.",Palo Alto Networks,Expedition,7.5,HIGH,0.9618600010871887,true,2024-11-14T00:00:00.000Z,true,false,true,2024-10-10T10:07:05.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9471,https://securityvulnerability.io/vulnerability/CVE-2024-9471,PAN-OS: Privilege Escalation (PE) Vulnerability in XML API,"A privilege escalation vulnerability exists within the XML API of Palo Alto Networks PAN-OS software. This security flaw allows an authenticated administrator with limited access to exploit a compromised XML API key, potentially executing actions that would typically be restricted. For instance, an administrator who is designated as a 'Virtual system administrator (read-only)' may misuse another admin's XML API key, granting them unauthorized write capabilities on the virtual system's configuration. This situation underscores the importance of safeguarding API keys and enforcing stringent access controls to maintain network security.",Palo Alto Networks,"Pan-os,Cloud Ngfw,Prisma Access",4.7,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-10-18T14:15:07.000Z,,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9466,https://securityvulnerability.io/vulnerability/CVE-2024-9466,Sensitive Information Vulnerability in Palo Alto Networks Expedition,"The vulnerability CVE-2024-9466 in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. The flaws were found in Palo Alto Networks' Expedition solution, which can be exploited to access sensitive data, such as user credentials, that can help take over firewall admin accounts. The vulnerabilities include command injection, reflected cross-site scripting, cleartext storage of sensitive information, missing authentication, and SQL injection vulnerabilities. A proof-of-concept exploit has been made available, but there is no evidence that the security flaws have been exploited in attacks. Palo Alto Networks has provided security updates in Expedition 1.2.96 to address these vulnerabilities and recommend that affected credentials be rotated after the upgrade.",Palo Alto Networks,Expedition,6.5,MEDIUM,0.0004900000058114529,false,,true,false,true,2024-10-09T16:15:00.000Z,true,false,false,,2024-10-09T17:15:00.000Z,0
CVE-2024-9464,https://securityvulnerability.io/vulnerability/CVE-2024-9464,OS Command Injection Vulnerability in Palo Alto Networks Expedition,"An OS command injection vulnerability exists in Palo Alto Networks Expedition, permitting an authenticated attacker to execute arbitrary operating system commands with root privileges. This can lead to the exposure of critical information such as usernames, cleartext passwords, device configurations, and API keys associated with PAN-OS firewalls. The vulnerability poses a significant risk to the security of systems utilizing Expedition, emphasizing the importance of applying necessary security measures and updates.",Palo Alto Networks,Expedition,6.5,MEDIUM,0.0005099999834783375,false,,true,false,true,2024-10-09T19:59:00.000Z,true,true,false,,2024-10-09T17:15:00.000Z,7244
CVE-2024-9465,https://securityvulnerability.io/vulnerability/CVE-2024-9465,Unauthenticated SQL Injection Vulnerability in Palo Alto Networks Expedition,"An SQL injection flaw in Palo Alto Networks Expedition presents a serious risk by allowing unauthenticated attackers to access and extract sensitive data from the Expedition database. This includes potential exposure of password hashes, usernames, device configurations, and API keys, all of which can be leveraged to enhance the attacker's capability. Additionally, the vulnerability enables unauthorized file creation and reading within the Expedition environment, raising significant concerns for data integrity and confidentiality.",Palo Alto Networks,Expedition,9.1,CRITICAL,0.9432200193405151,true,2024-11-14T00:00:00.000Z,true,false,true,2024-10-10T01:22:05.000Z,true,false,false,,2024-10-09T17:15:00.000Z,0