Skip to main content

Expedition

16 CVEs product

Monthly

CVE-2025-0107 HIGH POC THREAT Act Now

Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to execute arbitrary commands as the www-data user. Successful exploitation exposes firewall usernames, cleartext passwords, device configurations, and API keys for PAN-OS managed firewalls.

Command Injection Paloalto Expedition
NVD
CVSS 4.0
7.7
EPSS
79.8%
Threat
5.4
CVE-2025-0106 MEDIUM This Month

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Expedition
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-0105 MEDIUM This Month

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Expedition
NVD
CVSS 4.0
6.9
EPSS
4.4%
CVE-2025-0104 HIGH This Month

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Expedition
NVD
CVSS 4.0
7.0
EPSS
0.8%
CVE-2025-0103 CRITICAL This Week

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto SQLi Expedition
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-9467 HIGH This Week

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Expedition
NVD
CVSS 4.0
7.0
EPSS
0.6%
CVE-2024-9466 HIGH This Week

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Expedition
NVD
CVSS 4.0
8.2
EPSS
11.2%
CVE-2024-9465 CRITICAL POC KEV THREAT Act Now

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Paloalto Expedition
NVD
CVSS 4.0
9.2
EPSS
99.6%
CVE-2024-9464 CRITICAL Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
CVSS 4.0
9.3
EPSS
81.7%
CVE-2024-9463 CRITICAL POC KEV THREAT Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
CVSS 4.0
9.9
EPSS
98.4%
CVE-2024-5910 CRITICAL POC KEV THREAT Emergency

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Paloalto Expedition
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
91.8%
CVE-2019-1571 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-1570 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-1569 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2018-10143 CRITICAL POC THREAT Act Now

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Paloalto Expedition
NVD
CVSS 3.0
9.8
EPSS
24.8%
CVE-2018-10142 HIGH This Week

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Expedition
NVD
CVSS 3.0
7.5
EPSS
2.2%
EPSS 80% 5.4 CVSS 7.7
HIGH POC THREAT Act Now

Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to execute arbitrary commands as the www-data user. Successful exploitation exposes firewall usernames, cleartext passwords, device configurations, and API keys for PAN-OS managed firewalls.

Command Injection Paloalto Expedition
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Expedition
NVD
EPSS 4% CVSS 6.9
MEDIUM This Month

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Expedition
NVD
EPSS 1% CVSS 7.0
HIGH This Month

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Expedition
NVD
EPSS 0% CVSS 9.2
CRITICAL This Week

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto SQLi Expedition
NVD
EPSS 1% CVSS 7.0
HIGH This Week

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Expedition
NVD
EPSS 11% CVSS 8.2
HIGH This Week

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Expedition
NVD
EPSS 100% CVSS 9.2
CRITICAL POC KEV THREAT Act Now

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Paloalto Expedition
NVD
EPSS 82% CVSS 9.3
CRITICAL Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
EPSS 98% CVSS 9.9
CRITICAL POC KEV THREAT Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
EPSS 92% CVSS 9.3
CRITICAL POC KEV THREAT Emergency

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Paloalto Expedition
NVD Exploit-DB
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
EPSS 25% CVSS 9.8
CRITICAL POC THREAT Act Now

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Paloalto Expedition
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Expedition
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy