Vulnerabilities > Pfsense > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-29975 | Improper Authentication vulnerability in Pfsense 2.6.0 An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. | 7.2 |
| 2023-04-06 | CVE-2020-19678 | Path Traversal vulnerability in multiple products Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. | 7.5 |
| 2022-03-01 | CVE-2021-41282 | Injection vulnerability in Pfsense 2.5.2 diag_routes.php in pfSense 2.5.2 allows sed data injection. | 8.8 |
| 2018-01-22 | CVE-2016-10709 | OS Command Injection vulnerability in Pfsense 2.2.6 pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | 8.8 |