Vulmon
pfsense vulnerabilities and exploits
4.3
CVSSv2
CVE-2011-5047
Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense prior to 2.0.1 allows remote malicious users to inject arbitrary web script or HTML via the style parameter.
Pfsense Pfsense 1.2.3
Pfsense Pfsense 1.2.2
Pfsense Pfsense 1.2.1
Pfsense Pfsense 1.0.x
Pfsense Pfsense
7.5
CVSSv2
CVE-2011-4197
etc/inc/certs.inc in the PKI implementation in pfSense prior to 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote malicious users to create sub-certificates for arbitrary subjects by leveraging the private key.
Pfsense Pfsense
Pfsense Pfsense 1.2.3
Pfsense Pfsense 1.2.2
Pfsense Pfsense 1.2.1
Pfsense Pfsense 1.0.x
4.3
CVSSv2
CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE prior to 2.6.0 and pfSense Plus prior to 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Pfsense Pfsense Plus
Pfsense Pfsense
4
CVSSv2
CVE-2022-21132
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions before 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions before 0.1.6_1 allows a remote authenticated malicious user to lead a pfSense user to view a file outside the public folder.
Pfsense Pfsense-pkg-wireguard
Pfsense Pfsense-pkg-wireguard 0.1.6
4.3
CVSSv2
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and previous versions, and pfSense Plus software versions 21.05 and previous versions) allows a remote malicious user to inject an arbitrary script via a malicious URL.
Netgate Pfsense Plus
Pfsense Pfsense
NA
CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows malicious users to bypass brute force protection mechanisms via crafted web requests.
Netgate Pfsense Plus 22.05.1
Pfsense Pfsense 2.6.0
2 Github repositories
9
CVSSv2
CVE-2016-10709
pfSense prior to 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Pfsense Pfsense
1 Github repository
4.3
CVSSv2
CVE-2014-4693
Multiple cross-site scripting (XSS) vulnerabilities in the Snort package prior to 3.0.13 for pfSense up to and including 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to...
Netgate Pfsense
Netgate Pfsense 2.1.3
Pfsense Snort Package
5.8
CVSSv2
CVE-2014-4695
Multiple open redirect vulnerabilities in the Snort package prior to 3.0.13 for pfSense up to and including 2.1.4 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) th...
Pfsense Snort Package
Netgate Pfsense 2.1.3
Netgate Pfsense
4.3
CVSSv2
CVE-2014-4694
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package prior to 1.0.6 for pfSense up to and including 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via unspecified variables.
Pfsense Suricata Package
Netgate Pfsense 2.1.3
Netgate Pfsense