Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-3049

    An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a ... Read more

    Affected Products : cortex_xsoar
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2021-3048

    Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and c... Read more

    Affected Products : pan-os
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2021-3047

    A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a lon... Read more

    Affected Products : pan-os
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2021-3046

    An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authe... Read more

    Affected Products : pan-os
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-3045

    An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-O... Read more

    Affected Products : pan-os
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3044

    An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.... Read more

    Affected Products : cortex_xsoar
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-3043

    A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web... Read more

    Affected Products : prisma_cloud
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3042

    A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the ... Read more

    Affected Products : cortex_xdr_agent windows
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-3041

    A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to ... Read more

    Affected Products : cortex_xdr_agent windows
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3040

    An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not im... Read more

    Affected Products : bridgecrew_checkov
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3039

    An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor... Read more

    Affected Products : prisma_cloud
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-3038

    A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This ... Read more

    Affected Products : globalprotect
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-3037

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, ... Read more

    Affected Products : pan-os
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-3036

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only t... Read more

    Affected Products : pan-os
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-3035

    An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not imp... Read more

    Affected Products : bridgecrew_checkov
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.1

    MEDIUM
    CVE-2021-3034

    An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setu... Read more

    Affected Products : cortex_xsoar
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3033

    An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma C... Read more

    Affected Products : prisma_cloud
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2021-3032

    An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged i... Read more

    Affected Products : pan-os
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-3031

    Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random informa... Read more

    Affected Products : pan-os pa-200 pa-2020 pa-2050 pa-220 pa-3020 pa-3050 pa-3060 pa-3220 pa-3250 +4 more products
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3029

    EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerabil... Read more

    Affected Products : ecs_imaging
    • Published: Jan. 07, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292834 Results