Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense pfsense 2.6.0 vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2023-29973
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
Pfsense Pfsense 2.6.0
9.8
CVSSv3
CVE-2023-29974
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to compromise user accounts via weak password requirements.
Pfsense Pfsense 2.6.0
7.2
CVSSv3
CVE-2023-29975
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to change the password of any user without verification.
Pfsense Pfsense 2.6.0
9.8
CVSSv3
CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows malicious users to bypass brute force protection mechanisms via crafted web requests.
Netgate Pfsense Plus 22.05.1
Pfsense Pfsense 2.6.0
2 Github repositories
6.1
CVSSv3
CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE prior to 2.6.0 and pfSense Plus prior to 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Pfsense Pfsense Plus
Pfsense Pfsense
8.8
CVSSv3
CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions before 2.6.0 and pfSense Plus software versions before 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary comma...
Netgate Pfsense
Netgate Pfsense Plus
8.8
CVSSv3
CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions before 2.6.0 and pfSense Plus software versions before 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, wh...
Netgate Pfsense Plus
Netgate Pfsense
6.1
CVSSv3
CVE-2022-29273
pfSense CE up to and including 2.6.0 and pfSense Plus prior to 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
Netgate Pfsense
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started