CVE-2018-10143 — CVSS 9.8 (critical): The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system…
CVE-2025-0107 — CVSS 9.8 (critical): An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as…
CVE-2025-0105 — CVSS 9.1 (critical): An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files…
CVE-2025-0103 — CVSS 8.8 (high): An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents…
CVE-2018-10142 — CVSS 7.5 (high): The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
CVE-2024-9466 — CVSS 6.5 (medium): A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal…
CVE-2024-9464 — CVSS 6.5 (medium): An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as…
CVE-2024-9467 — CVSS 6.1 (medium): A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated…
CVE-2025-0104 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript…
CVE-2025-0106 — CVSS 5.3 (medium): A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host…
CVE-2019-1571 — CVSS 4.8 (medium): The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS…
CVE-2019-1569 — CVSS 4.8 (medium): The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping…
CVE-2019-1570 — CVSS 4.8 (medium): The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server…