Vulmon
opnsense opnsense vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-42770
A Cross-site scripting (XSS) vulnerability exists in OPNsense prior to 21.7.4 via the LDAP attribute return in the authentication tester.
Opnsense Opnsense
5.4
CVSSv3
CVE-2023-44275
OPNsense prior to 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
Opnsense Opnsense
5.4
CVSSv3
CVE-2023-44276
OPNsense prior to 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
Opnsense Opnsense
6.5
CVSSv3
CVE-2018-18958
OPNsense 18.7.x prior to 18.7.7 has Incorrect Access Control.
Opnsense Opnsense
6.1
CVSSv3
CVE-2020-23015
An open redirect issue exists in OPNsense up to and including 20.1.5. The redirect parameter "url" in the login page was not filtered and can redirect a user to any website.
Opnsense Opnsense
7.2
CVSSv3
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands as root via a crafted ZIP archive.
Opnsense Opnsense
6.1
CVSSv3
CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to redirect a victim user to an arbitrary web site via a crafted URL.
Opnsense Opnsense
6.5
CVSSv3
CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to cause a Denial of Service (DoS) via a crafted GET request.
Opnsense Opnsense
6.1
CVSSv3
CVE-2023-39000
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to inject arbitrary JavaScript via the URL path.
Opnsense Opnsense
9.8
CVSSv3
CVE-2023-39001
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary commands via a crafted backup configuration file.
Opnsense Opnsense