Vulnerabilities > Pfsense > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-29974 Weak Password Requirements vulnerability in Pfsense 2.6.0
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
network
low complexity
pfsense CWE-521
critical
9.8
2023-03-22 CVE-2023-27100 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
network
low complexity
netgate pfsense CWE-307
critical
9.8
2022-12-20 CVE-2022-40624 OS Command Injection vulnerability in Pfsense Pfblockerng
pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.
network
low complexity
pfsense CWE-78
critical
9.8