Pfsense

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-69691 1Pfsense 1Pfsense May 12, 2026 May 8, 2026 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP c...Show more Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.Show less
CVE-2025-69690 1Pfsense 1Pfsense May 12, 2026 May 8, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this ins...Show more Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute PHP code.Show less
CVE-2025-34178 1Pfsense 1Pfsense Oct 10, 2025 Sep 9, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting...Show more In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.Show less
CVE-2025-34177 1Pfsense 1Pfsense Oct 10, 2025 Sep 9, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting...Show more In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.Show less
CVE-2025-34176 1Pfsense 1Pfsense Oct 17, 2025 Sep 9, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. W...Show more In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.Show less
CVE-2025-34175 1Pfsense 1Pfsense Oct 10, 2025 Sep 9, 2025 5.1 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scri...Show more In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.Show less
CVE-2025-34174 1Pfsense 1Pfsense Oct 10, 2025 Sep 9, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the inp...Show more In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.Show less
CVE-2025-34173 1Pfsense 1Pfsense Oct 20, 2025 Sep 9, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the cont...Show more In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.Show less
CVE-2025-34172 1Pfsense 1Pfsense Oct 10, 2025 Sep 9, 2025 4.8 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victi...Show more In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.Show less
CVE-2025-53392 1Pfsense 1Pfsense Oct 15, 2025 Jun 28, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavio...Show more In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.Show less
CVE-2023-29975 1Pfsense 1Pfsense Nov 21, 2024 Nov 9, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
CVE-2023-29974 1Pfsense 1Pfsense Nov 21, 2024 Nov 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
CVE-2023-29973 1Pfsense 1Pfsense Nov 21, 2024 Oct 25, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
CVE-2020-19678 2Oisf Pfsense 3Pfsense SuricataSuricata Package Feb 12, 2025 Apr 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
CVE-2023-27100 2Netgate Pfsense 2Pfsense Pfsense Plus Feb 25, 2025 Mar 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms vi...Show more Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.Show less
CVE-2022-40624 1Pfsense 1Pfblockerng Apr 17, 2025 Dec 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.
CVE-2022-42247 1Pfsense 1Pfsense Nov 21, 2024 Oct 3, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injecte...Show more pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.Show less
CVE-2021-20729 2Netgate Pfsense 2Pfsense Pfsense Plus Nov 21, 2024 Mar 31, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary scr...Show more Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.Show less
CVE-2022-21132 1Pfsense 1Pfsense Pkg Wireguard Nov 21, 2024 Mar 10, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a...Show more Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.Show less
CVE-2021-41282 1Pfsense 1Pfsense Nov 21, 2024 Mar 1, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then...Show more diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.Show less

12 Next