Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netgate pfsense vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-42326
An issue in Netgate pfSense v.2.7.0 allows a remote malicious user to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
Netgate Pfsense
Netgate Pfsense Plus
6.1
CVSSv3
CVE-2019-16914
An XSS issue exists in pfSense up to and including 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
Netgate Pfsense
Netgate Pfsense 2.4.4
9.8
CVSSv3
CVE-2019-16915
An issue exists in pfSense up to and including 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
Netgate Pfsense
Netgate Pfsense 2.4.4
7.2
CVSSv3
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense prior to 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
Netgate Pfsense 2.4.4
Netgate Pfsense
Opnsense Opnsense
9.6
CVSSv3
CVE-2020-21487
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows malicious users to execute arbitrary code via the RootFolder field of acme_certificates.php.
Netgate Pfsense 2.4.4
Netgate Pfsense Acme Package 0.6.3
9.8
CVSSv3
CVE-2019-12585
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense
Netgate Pfsense 2.4.4
6.1
CVSSv3
CVE-2019-12584
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense
Netgate Pfsense 2.4.4
6.1
CVSSv3
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and previous versions, and pfSense Plus software versions 21.05 and previous versions) allows a remote malicious user to inject an arbitrary script via a malicious URL.
Netgate Pfsense Plus
Pfsense Pfsense
9.8
CVSSv3
CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows malicious users to bypass brute force protection mechanisms via crafted web requests.
Netgate Pfsense Plus 22.05.1
Pfsense Pfsense 2.6.0
2 Github repositories
6.1
CVSSv3
CVE-2020-21219
Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote malicious users to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.
Netgate Pfsense 2.4.4
Netgate Acme 0.6.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »