pfsense vulnerabilities and exploits
801
VMScore
CVE-2016-10709
pfSense prior to 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Pfsense Pfsense
1 Github repository
NA
CVE-2023-29973
pfSense CE version 2.6.0 has no rate limiting, which can allow an attacker to create multiple malicious users in the firewall.
Pfsense Pfsense 2.6.0
NA
CVE-2023-29974
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to compromise user accounts via weak password requirements.
Pfsense Pfsense 2.6.0
NA
CVE-2023-29975
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to change the password of any user without verification.
Pfsense Pfsense 2.6.0
940
VMScore
CVE-2021-41282
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the commo...
Pfsense Pfsense 2.5.2
1 Metasploit module
1 Github repository
312
VMScore
CVE-2020-26693
A stored cross-site scripting (XSS) vulnerability exists in pfSense 2.4.5-p1 which allows an authenticated malicious user to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Pfsense Pfsense 2.4.5
NA
CVE-2022-42247
pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Pfsense Pfsense 2.5.2
NA
CVE-2020-19678
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote malicious user to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Oisf Suricata 1.4.6
Pfsense Suricata Package 1.0.1
Pfsense Pfsense 2.1.3
383
VMScore
CVE-2019-18667
/usr/local/www/freeradius_view_config.php in the freeradius3 package prior to 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code in a victim's browser.
Pfsense Pfsense-pkg-freeradius3
NA
CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote malicious user to execute arbitrary code via a crafted request to the packet_capture.php file.
Netgate Pfsense
Netgate Pfsense Plus
1 Github repository