opnsense opnsense vulnerabilities and exploits
NA
CVE-2023-39008
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands.
Opnsense Opnsense
517
VMScore
CVE-2020-23015
An open redirect issue exists in OPNsense up to and including 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
Opnsense Opnsense
NA
CVE-2023-44275
OPNsense prior to 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
Opnsense Opnsense
NA
CVE-2023-44276
OPNsense prior to 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
Opnsense Opnsense
NA
CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to redirect a victim user to an arbitrary web site via a crafted URL.
Opnsense Opnsense
NA
CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2.
Opnsense Opnsense
356
VMScore
CVE-2018-18958
OPNsense 18.7.x prior to 18.7.7 has Incorrect Access Control.
Opnsense Opnsense
NA
CVE-2023-27152
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing malicious users to perform a brute-force attack to bypass authentication.
Opnsense Opnsense 23.1
720
VMScore
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
578
VMScore
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense prior to 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
Netgate Pfsense
Netgate Pfsense 2.4.4
Opnsense Opnsense