Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 19 of 19
Filters:
Palo Alto Networks | PAN-OS

CVE-2025-0111

Palo Alto Networks PAN-OS File Read Vulnerability: Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-20
  • Due Date: 2025-03-13
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0111 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0111
Palo Alto Networks | PAN-OS

CVE-2025-0108

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-18
  • Due Date: 2025-03-11
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0108 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0108
Palo Alto Networks | PAN-OS

CVE-2024-3393

Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Related CWE: CWE-754

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-12-30
  • Due Date: 2025-01-20
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393
Palo Alto Networks | PAN-OS

CVE-2024-9474

Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability: Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
  • Date Added: 2024-11-18
  • Due Date: 2024-12-09
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474
Palo Alto Networks | PAN-OS

CVE-2024-0012

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.
  • Date Added: 2024-11-18
  • Due Date: 2024-12-09
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012
Palo Alto Networks | Expedition

CVE-2024-9465

Palo Alto Networks Expedition SQL Injection Vulnerability: Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-14
  • Due Date: 2024-12-05
Additional Notes
https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9465
Palo Alto Networks | Expedition

CVE-2024-9463

Palo Alto Networks Expedition OS Command Injection Vulnerability: Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-14
  • Due Date: 2024-12-05
Additional Notes
https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463
Palo Alto Networks | Expedition

CVE-2024-5910

Palo Alto Networks Expedition Missing Authentication Vulnerability: Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-07
  • Due Date: 2024-11-28
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-5910 ; https://nvd.nist.gov/vuln/detail/CVE-2024-5910
Jenkins | Jenkins Command Line Interface (CLI)

CVE-2024-23897

Jenkins Command Line Interface (CLI) Path Traversal Vulnerability: Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

Related CWE: CWE-27

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-19
  • Due Date: 2024-09-09
Additional Notes
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897
Palo Alto Networks | PAN-OS

CVE-2024-3400

Palo Alto Networks PAN-OS Command Injection Vulnerability: Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Related CWEs: CWE-20| CWE-77

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
  • Date Added: 2024-04-12
  • Due Date: 2024-04-19
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400
Jenkins | Jenkins User Interface (UI)

CVE-2015-5317

Jenkins User Interface (UI) Information Disclosure Vulnerability: Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-12
  • Due Date: 2023-06-02
Additional Notes
https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317
Palo Alto Networks | PAN-OS

CVE-2022-0028

Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability: A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

Related CWE: CWE-940

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-22
  • Due Date: 2022-09-12
Additional Notes
https://security.paloaltonetworks.com/CVE-2022-0028; https://nvd.nist.gov/vuln/detail/CVE-2022-0028
Jenkins | Script Security Plugin

CVE-2019-1003029

Jenkins Script Security Plugin Sandbox Bypass Vulnerability: Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-25
  • Due Date: 2022-05-16
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1003029
Schneider Electric | U.motion Builder

CVE-2018-7841

Schneider Electric U.motion Builder SQL Injection Vulnerability: A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-04-15
  • Due Date: 2022-05-06
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-7841
Jenkins | Matrix Project Plugin

CVE-2019-1003030

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability: Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1003030
Palo Alto Networks | PAN-OS

CVE-2020-2021

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

Related CWE: CWE-347

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-2021
Jenkins | Jenkins Stapler Web Framework

CVE-2018-1000861

Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability: A code execution vulnerability exists in the Stapler web framework used by Jenkins

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-1000861
Palo Alto Networks | PAN-OS

CVE-2019-1579

Palo Alto Networks PAN-OS Remote Code Execution Vulnerability: Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

Related CWE: CWE-134

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-10
  • Due Date: 2022-07-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1579

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now