Vulnerabilities > Pfsense > High

Date: 2023-11-09
CVE: CVE-2023-29975
Vulnerability title: Improper Authentication vulnerability in Pfsense 2.6.0
Description: An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
Attack vector: network
Complexity: low
Vendor: pfsense
CWE: CWE-287
Risk: 7.2

Date: 2023-04-06
CVE: CVE-2020-19678
Vulnerability title: Path Traversal vulnerability in multiple products
Description: Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Attack vector: network
Complexity: low
Vendors: oisf, pfsense
CWE: CWE-22
Risk: 7.5

Date: 2022-03-01
CVE: CVE-2021-41282
Vulnerability title: Injection vulnerability in Pfsense 2.5.2
Description: diag_routes.php in pfSense 2.5.2 allows sed data injection.
Attack vector: network
Complexity: low
Vendor: pfsense
CWE: CWE-74
Risk: 8.8

Date: 2018-01-22
CVE: CVE-2016-10709
Vulnerability title: OS Command Injection vulnerability in Pfsense 2.2.6
Description: pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Attack vector: network
Complexity: low
Vendor: pfsense
CWE: CWE-78
Risk: 8.8