📦 OPNsense
by OPNsense
⚠️ Known Vulnerabilities
CVE-2025-50989 is an authenticated command injection vulnerability in OPNsense firewall software that allows administrators to execute arbitrary system commands via the Bridge Interface Edit endpoint....
CVE-2023-27152 is an authentication bypass vulnerability in DECISO OPNsense firewall software that allows attackers to perform unlimited brute-force login attempts. This affects OPNsense 23.1 installa...
This vulnerability allows attackers to access sensitive configuration files in OPNsense firewalls due to insecure directory permissions. Attackers can read hashed root passwords and other sensitive da...
This vulnerability allows cross-site scripting (XSS) attacks in OPNsense firewall management interfaces. Attackers can inject malicious scripts via the cron job configuration interface, potentially co...
This CVE describes a command injection vulnerability in OPNsense's diag_backup.php component that allows attackers to execute arbitrary commands by uploading a malicious backup configuration file. Att...
A directory traversal vulnerability in OPNsense's Captive Portal templates allows attackers to upload crafted ZIP archives that can execute arbitrary system commands as root. This affects OPNsense Com...
This CVE involves insecure permissions in the /tmp directory of OPNsense firewall appliances, allowing local attackers to potentially escalate privileges or execute arbitrary code. It affects OPNsense...
This stored cross-site scripting vulnerability in OPNsense 19.1 allows authenticated attackers to inject malicious JavaScript into firewall rule pages. When other users view these pages, the attacker'...
CVE-2019-25375 is a reflected cross-site scripting vulnerability in OPNsense 19.1 that allows unauthenticated attackers to inject malicious JavaScript via the mailserver parameter in POST requests to ...
This CVE describes a reflected cross-site scripting (XSS) vulnerability in OPNsense 19.1's system_advanced_sysctl.php endpoint. Attackers can inject malicious scripts via the value parameter in POST r...
CVE-2019-25369 is a stored cross-site scripting (XSS) vulnerability in OPNsense 19.1 that allows attackers to inject persistent malicious scripts via the system_advanced_sysctl.php endpoint. When auth...
CVE-2019-25371 is a reflected cross-site scripting vulnerability in OPNsense 19.1 that allows unauthenticated attackers to inject malicious JavaScript via the host parameter in diag_ping.php. This ena...