Skip to main content
CVE-2025-0133 LOW POC Monitor

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS
NVD
CVSS 4.0
2.7
EPSS
3.5%
CVE-2025-32421 LOW PATCH Monitor

Next.js is a React framework for building full-stack web applications. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Next.js Vercel
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2025-0138 LOW Monitor

Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto
NVD
CVSS 4.0
2.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy