pfsense pfsense vulnerabilities and exploits
8.8
CVSSv3
CVE-2016-10709
pfSense prior to 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Pfsense Pfsense
1 Github repository
6.1
CVSSv3
CVE-2021-27933
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
Pfsense Pfsense 2.5.0
5.4
CVSSv3
CVE-2020-26693
A stored cross-site scripting (XSS) vulnerability exists in pfSense 2.4.5-p1 which allows an authenticated malicious user to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Pfsense Pfsense 2.4.5
8.8
CVSSv3
CVE-2021-41282
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the commo...
Pfsense Pfsense 2.5.2
1 Metasploit module
1 Github repository
4.9
CVSSv3
CVE-2023-29973
pfSense CE version 2.6.0 lacks rate limiting, which can lead to an attacker creating multiple malicious users in the firewall.
Pfsense Pfsense 2.6.0
9.8
CVSSv3
CVE-2023-29974
An issue discovered in pfSense CE version 2.6.0 allows malicious users to compromise user accounts via weak password requirements.
Pfsense Pfsense 2.6.0
7.2
CVSSv3
CVE-2023-29975
An issue discovered in pfSense CE version 2.6.0 allows malicious users to change the password of any user without verification.
Pfsense Pfsense 2.6.0
6.1
CVSSv3
CVE-2022-42247
pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Pfsense Pfsense 2.5.2
7.5
CVSSv3
CVE-2020-19678
Directory traversal vulnerability found in pfSense v.2.1.3 and pfSense Suricata v.1.4.6 pkg v.1.0.1 allows a remote malicious user to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Oisf Suricata 1.4.6
Pfsense Suricata Package 1.0.1
Pfsense Pfsense 2.1.3
6.1
CVSSv3
CVE-2019-18667
/usr/local/www/freeradius_view_config.php in the freeradius3 package prior to 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code in a victim's browser.
Pfsense Pfsense-pkg-freeradius3