Vulnerabilities > Netgate > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2020-21487 | Cross-site Scripting vulnerability in Netgate Pfsense and Pfsense Acme Package Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. | 9.6 |
| 2023-03-22 | CVE-2023-27100 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. | 9.8 |
| 2022-09-05 | CVE-2022-31814 | OS Command Injection vulnerability in Netgate Pfblockerng 2.1.426 pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. | 9.8 |
| 2019-09-26 | CVE-2019-16915 | Path Traversal vulnerability in Netgate Pfsense An issue was discovered in pfSense through 2.4.4-p3. | 9.8 |
| 2019-06-03 | CVE-2019-12585 | OS Command Injection vulnerability in multiple products Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. | 9.8 |