Vulnerabilities > Pfsense > Pfsense > 2.6.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2023-29975 Improper Authentication vulnerability in Pfsense 2.6.0
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
network
low complexity
pfsense CWE-287
7.2
7.2
2023-11-08 CVE-2023-29974 Weak Password Requirements vulnerability in Pfsense 2.6.0
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
network
low complexity
pfsense CWE-521
critical
 9.8
9.8
2023-10-25 CVE-2023-29973 Allocation of Resources Without Limits or Throttling vulnerability in Pfsense 2.6.0
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
network
low complexity
pfsense CWE-770
4.9
4.9