opnsense opnsense vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-27152
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing malicious users to perform a brute-force attack to bypass authentication.
Opnsense Opnsense 23.1
5.4
CVSSv3
CVE-2023-44275
OPNsense prior to 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
Opnsense Opnsense
5.4
CVSSv3
CVE-2023-44276
OPNsense prior to 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
Opnsense Opnsense
7.2
CVSSv3
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands as root via a crafted ZIP archive.
Opnsense Opnsense
6.1
CVSSv3
CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to redirect a victim user to an arbitrary web site via a crafted URL.
Opnsense Opnsense
6.5
CVSSv3
CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to cause a Denial of Service (DoS) via a crafted GET request.
Opnsense Opnsense
6.1
CVSSv3
CVE-2023-39000
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to inject arbitrary JavaScript via the URL path.
Opnsense Opnsense
9.8
CVSSv3
CVE-2023-39001
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary commands via a crafted backup configuration file.
Opnsense Opnsense
6.1
CVSSv3
CVE-2023-39002
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Opnsense Opnsense
7.5
CVSSv3
CVE-2023-39003
OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 contains insecure permissions in the directory /tmp.
Opnsense Opnsense