opnsense opnsense vulnerabilities and exploits
NA
CVE-2023-39006
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 mishandles input sanitization.
Opnsense Opnsense
NA
CVE-2023-39007
/ui/cron/item/open in the Cron component of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
Opnsense Opnsense
NA
CVE-2023-39008
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands.
Opnsense Opnsense
5.8
CVSSv2
CVE-2020-23015
An open redirect issue exists in OPNsense up to and including 20.1.5. The redirect parameter "url" in the login page was not filtered and can redirect the user to any website.
Opnsense Opnsense
4.3
CVSSv2
CVE-2021-42770
A cross-site scripting (XSS) vulnerability exists in OPNsense prior to 21.7.4 via the LDAP attribute return in the authentication tester.
Opnsense Opnsense
NA
CVE-2023-44275
OPNsense prior to 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
Opnsense Opnsense
NA
CVE-2023-44276
OPNsense prior to 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
Opnsense Opnsense
NA
CVE-2023-27152
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing malicious users to perform a brute-force attack to bypass authentication.
Opnsense Opnsense 23.1
6.8
CVSSv2
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
6.5
CVSSv2
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense prior to 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
Netgate Pfsense
Netgate Pfsense 2.4.4
Opnsense Opnsense