Vulnerabilities > Pfsense

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-09	CVE-2023-29975	Improper Authentication vulnerability in Pfsense 2.6.0 An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. network low complexity pfsense CWE-287	7.2
2023-11-08	CVE-2023-29974	Weak Password Requirements vulnerability in Pfsense 2.6.0 An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. network low complexity pfsense CWE-521 critical	9.8
2023-10-25	CVE-2023-29973	Allocation of Resources Without Limits or Throttling vulnerability in Pfsense 2.6.0 Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. network low complexity pfsense CWE-770	4.9
2022-10-03	CVE-2022-42247	Cross-site Scripting vulnerability in Pfsense 2.5.2 pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. network low complexity pfsense CWE-79	6.1
2022-03-31	CVE-2021-20729	Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. network netgate pfsense CWE-79	4.3
2022-03-10	CVE-2022-21132	Path Traversal vulnerability in Pfsense Pfsense-Pkg-Wireguard 0.1.6 Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder. network low complexity pfsense CWE-22	4.0
2022-03-01	CVE-2021-41282	Injection vulnerability in Pfsense 2.5.2 diag_routes.php in pfSense 2.5.2 allows sed data injection. network low complexity pfsense CWE-74 critical	9.0
2022-01-26	CVE-2022-23993	Cross-site Scripting vulnerability in Pfsense and Pfsense Plus /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. network pfsense CWE-79	4.3
2021-06-01	CVE-2020-26693	Cross-site Scripting vulnerability in Pfsense 2.4.5 A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function. network pfsense CWE-79	3.5
2021-04-28	CVE-2021-27933	Cross-site Scripting vulnerability in Pfsense 2.5.0 pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. network pfsense CWE-79	4.3

Vulnerabilities > Pfsense {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pfsense"}]}

Vulnerabilities > Pfsense