Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-08	CVE-2023-29974	Weak Password Requirements vulnerability in Pfsense 2.6.0 An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. network low complexity pfsense CWE-521 critical	9.8
2022-03-01	CVE-2021-41282	Injection vulnerability in Pfsense 2.5.2 diag_routes.php in pfSense 2.5.2 allows sed data injection. network low complexity pfsense CWE-74 critical	9.0
2018-01-22	CVE-2016-10709	OS Command Injection vulnerability in Pfsense 2.2.6 pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '\|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. network low complexity pfsense CWE-78 critical	9.0