Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-21487
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows malicious users to execute arbitrary code via the RootFolder field of acme_certificates.php.
Netgate Pfsense 2.4.4
Netgate Pfsense Acme Package 0.6.3
383
VMScore
CVE-2008-1182
Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense prior to 1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Bsd Perimeter Pfsense 1.2
Bsd Perimeter Pfsense 1.0.1
383
VMScore
CVE-2019-12584
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense 2.4.4
Netgate Pfsense
668
VMScore
CVE-2019-12585
Apcupsd 0.3.91_5, as used in pfSense up to and including 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
Apcupsd Apcupsd 0.3.91 5
Netgate Pfsense 2.4.4
Netgate Pfsense
685
VMScore
CVE-2015-2295
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense prior to 2.2.1 allows remote malicious users to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
Netgate Pfsense
1 EDB exploit
383
VMScore
CVE-2015-6508
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.
Netgate Pfsense
383
VMScore
CVE-2015-6510
Multiple cross-site scripting (XSS) vulnerabilities in pfSense prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, ...
Netgate Pfsense
383
VMScore
CVE-2015-6511
Cross-site scripting (XSS) vulnerability in pfSense prior to 2.2.3 allows remote malicious users to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.
Netgate Pfsense
383
VMScore
CVE-2015-2294
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense prior to 2.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) que...
Netgate Pfsense
312
VMScore
CVE-2020-11457
pfSense prior to 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
Netgate Pfsense
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »