Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opnsense opnsense vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27152
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing malicious users to perform a brute-force attack to bypass authentication.
Opnsense Opnsense 23.1
NA
CVE-2023-44275
OPNsense prior to 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
Opnsense Opnsense
NA
CVE-2023-44276
OPNsense prior to 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
Opnsense Opnsense
NA
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands as root via a crafted ZIP archive.
Opnsense Opnsense
NA
CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to redirect a victim user to an arbitrary web site via a crafted URL.
Opnsense Opnsense
NA
CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to cause a Denial of Service (DoS) via a crafted GET request.
Opnsense Opnsense
NA
CVE-2023-39000
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to inject arbitrary JavaScript via the URL path.
Opnsense Opnsense
NA
CVE-2023-39001
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary commands via a crafted backup configuration file.
Opnsense Opnsense
NA
CVE-2023-39002
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Opnsense Opnsense
NA
CVE-2023-39003
OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 exists to contain insecure permissions in the directory /tmp.
Opnsense Opnsense
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »