Vulnerabilities > Pfsense > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-29974 Weak Password Requirements vulnerability in Pfsense 2.6.0
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
network
low complexity
pfsense CWE-521
critical
9.8
2022-03-01 CVE-2021-41282 Injection vulnerability in Pfsense 2.5.2
diag_routes.php in pfSense 2.5.2 allows sed data injection.
network
low complexity
pfsense CWE-74
critical
9.0
2018-01-22 CVE-2016-10709 OS Command Injection vulnerability in Pfsense 2.2.6
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
network
low complexity
pfsense CWE-78
critical
9.0