Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-4694
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package prior to 1.0.6 for pfSense up to and including 2.1.4 allow remote malicious users to inject arbitrary web script or HTML via unspecified variables.
Pfsense Suricata Package
Netgate Pfsense 2.1.3
Netgate Pfsense
312
VMScore
CVE-2020-26693
A stored cross-site scripting (XSS) vulnerability exists in pfSense 2.4.5-p1 which allows an authenticated malicious user to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Pfsense Pfsense 2.4.5
NA
CVE-2023-29973
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
Pfsense Pfsense 2.6.0
NA
CVE-2023-29974
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to compromise user accounts via weak password requirements.
Pfsense Pfsense 2.6.0
NA
CVE-2023-29975
An issue discovered in Pfsense CE version 2.6.0 allows malicious users to change the password of any user without verification.
Pfsense Pfsense 2.6.0
NA
CVE-2022-42247
pfSense v2.5.2 exists to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Pfsense Pfsense 2.5.2
940
VMScore
CVE-2021-41282
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the commo...
Pfsense Pfsense 2.5.2
1 Metasploit module
1 Github repository
NA
CVE-2020-19678
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote malicious user to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Oisf Suricata 1.4.6
Pfsense Suricata Package 1.0.1
Pfsense Pfsense 2.1.3
383
VMScore
CVE-2019-18667
/usr/local/www/freeradius_view_config.php in the freeradius3 package prior to 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.
Pfsense Pfsense-pkg-freeradius3
NA
CVE-2023-42326
An issue in Netgate pfSense v.2.7.0 allows a remote malicious user to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
Netgate Pfsense
Netgate Pfsense Plus
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »