Netgate

Pfsense

54 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-12490

  • EPSS 6.57%
  • Veröffentlicht 06.11.2025 20:15:46
  • Zuletzt bearbeitet 12.11.2025 16:20:22

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerabilit...

6.5

CVE-2025-53392

Exploit
  • EPSS 0.04%
  • Veröffentlicht 28.06.2025 00:00:00
  • Zuletzt bearbeitet 15.10.2025 20:09:46

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, an...

5.4

CVE-2024-57273

Exploit
  • EPSS 0.07%
  • Veröffentlicht 14.05.2025 00:00:00
  • Zuletzt bearbeitet 23.06.2025 14:50:34

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups,...

5.4

CVE-2024-54779

Exploit
  • EPSS 0.01%
  • Veröffentlicht 14.05.2025 00:00:00
  • Zuletzt bearbeitet 23.06.2025 14:51:38

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php.

8.8

CVE-2024-54780

Exploit
  • EPSS 0.79%
  • Veröffentlicht 14.05.2025 00:00:00
  • Zuletzt bearbeitet 13.06.2025 13:03:51

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacke...

4.8

CVE-2024-46538

Exploit
  • EPSS 74.5%
  • Veröffentlicht 22.10.2024 17:15:03
  • Zuletzt bearbeitet 30.10.2024 20:45:35

A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.

8.8

CVE-2023-48123

  • EPSS 63.64%
  • Veröffentlicht 06.12.2023 20:15:07
  • Zuletzt bearbeitet 21.11.2024 08:31:07

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

8.8

CVE-2023-42326

  • EPSS 86.14%
  • Veröffentlicht 14.11.2023 05:15:08
  • Zuletzt bearbeitet 21.11.2024 08:22:26

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

5.4

CVE-2023-42327

Exploit
  • EPSS 48.31%
  • Veröffentlicht 14.11.2023 04:15:07
  • Zuletzt bearbeitet 21.11.2024 08:22:26

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.

5.4

CVE-2023-42325

Exploit
  • EPSS 48.31%
  • Veröffentlicht 14.11.2023 04:15:07
  • Zuletzt bearbeitet 21.11.2024 08:22:26

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.