Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10238
Total
701
Critical
2952
High
3222
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-0262 | UNKNOWN | — | Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) … | May 13, 2026 |
| CVE-2026-0261 | UNKNOWN | — | Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root … | May 13, 2026 |
| CVE-2026-0259 | UNKNOWN | — | An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary … | May 13, 2026 |
| CVE-2026-0258 | UNKNOWN | — | A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to … | May 13, 2026 |
| CVE-2026-0257 | UNKNOWN | — | Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an … | May 13, 2026 |
| CVE-2026-0256 | UNKNOWN | — | A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web … | May 13, 2026 |
| CVE-2026-0251 | UNKNOWN | — | Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows … | May 13, 2026 |
| CVE-2026-0250 | UNKNOWN | — | A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and … | May 13, 2026 |
| CVE-2026-0249 | UNKNOWN | — | Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This … | May 13, 2026 |
| CVE-2026-0248 | UNKNOWN | — | An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to … | May 13, 2026 |
| CVE-2026-0247 | UNKNOWN | — | Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations. | May 13, 2026 |
| CVE-2026-0246 | UNKNOWN | — | A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges … | May 13, 2026 |
| CVE-2026-0245 | UNKNOWN | — | Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, … | May 13, 2026 |
| CVE-2026-0244 | UNKNOWN | — | An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller. | May 13, 2026 |
| CVE-2026-0242 | UNKNOWN | — | A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow … | May 13, 2026 |
| CVE-2026-0241 | UNKNOWN | — | Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources. | May 13, 2026 |
| CVE-2026-0240 | UNKNOWN | — | An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue … | May 13, 2026 |
| CVE-2026-0239 | UNKNOWN | — | An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information. | May 13, 2026 |
| CVE-2026-0238 | UNKNOWN | — | A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields. | May 13, 2026 |
| CVE-2026-0236 | UNKNOWN | — | A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated … | May 13, 2026 |
| CVE-2026-0235 | UNKNOWN | — | A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies. | May 13, 2026 |
| CVE-2026-45411 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an … | May 13, 2026 |
| CVE-2026-45109 | HIGH | 7.5 | Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 … | May 13, 2026 |
| CVE-2026-44582 | LOW | 3.7 | Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to … | May 13, 2026 |
| CVE-2026-44581 | MEDIUM | 4.7 | Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces … | May 13, 2026 |