[Palo Alto Networks Security Advisories] PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack onPAN-OS

Palo Alto Networks Security Advisories /PAN-SA-2025-0010PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OSInformationalJSONCSAF Published2025-05-14 Updated2025-05-14ReferencePAN-243431DiscoveredinternallyDescriptionThe Palo Alto...

[Palo Alto Networks Security Advisories] CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability inGlobalProtect Gateway and Portal

Palo Alto Networks Security Advisories /CVE-2025-0133CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and PortalUrgencyMODERATE047910Severity2 ·LOWExploit MaturityPOCResponse EffortN/ARecoveryUSERValue...

[Palo Alto Networks Security Advisories] CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session ExpirationVulnerability in the Web Interface

Palo Alto Networks Security Advisories /CVE-2025-0138CVE-2025-0138 Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web InterfaceUrgencyMODERATE047910Severity0.3 ·LOWExploit MaturityUNREPORTEDResponse...

[Palo Alto Networks Security Advisories] CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM onIntel-based hardware devices

Palo Alto Networks Security Advisories /CVE-2025-0136CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devicesUrgencyMODERATE047910Severity1.3 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue...

[Palo Alto Networks Security Advisories] CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability inOPSWAT MetaDefender Endpoint Security SDK

Palo Alto Networks Security Advisories /CVE-2025-0131CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDKUrgencyMODERATE047910Severity4 ·MEDIUMExploit MaturityUNREPORTEDResponse...

[Palo Alto Networks Security Advisories] CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable theGlobalProtect App

Palo Alto Networks Security Advisories /CVE-2025-0135CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect AppUrgencyMODERATE047910Severity1.8 ·LOWExploit MaturityUNREPORTEDResponse...

[Palo Alto Networks Security Advisories] CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Featurevia a Burst of Maliciously Crafted Packets

Palo Alto Networks Security Advisories /CVE-2025-0130CVE-2025-0130 PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted...

[Palo Alto Networks Security Advisories] PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025)

Palo Alto Networks Security Advisories /PAN-SA-2025-0009PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025)UrgencyMODERATE047910Severity7.6 ·HIGHExploit MaturityUNREPORTEDResponse EffortLOWRecoveryUSERValue DensityDIFFUSEAttack VectorNETWORKAttack ComplexityLOWAttack RequirementsNONEAutomatableNOUser InteractionACTIVEProduct...

[Palo Alto Networks Security Advisories] CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerabilityin Broker VM

Palo Alto Networks Security Advisories /CVE-2025-0134CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VMUrgencyMODERATE047910Severity2.6 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue...

[Palo Alto Networks Security Advisories] CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management WebInterface

Palo Alto Networks Security Advisories /CVE-2025-0137CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web InterfaceUrgencyMODERATE047910Severity1.1 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityCONCENTRATEDAttack...

[Palo Alto Networks Security Advisories] CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable InternalServices

Palo Alto Networks Security Advisories /CVE-2025-0132CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal ServicesUrgencyMODERATE047910Severity2.7 ·LOWExploit MaturityUNREPORTEDResponse EffortMODERATERecoveryUSERValue DensityCONCENTRATEDAttack...

BugCrowd Bug Bounty Disclosure: P3 – Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access – unknown_soldier

Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access Exposed Python Script with Hardcoded SFTP Credentials,...