📦 pfSense
by pfSense
⚠️ Known Vulnerabilities
CVE-2023-29974 is a critical authentication vulnerability in pfSense CE 2.6.0 that allows attackers to compromise user accounts due to weak password requirements. This affects all organizations runnin...
This vulnerability in pfSense CE 2.6.0 allows attackers to change any user's password without authentication or verification. This affects all pfSense CE 2.6.0 installations, potentially compromising ...
CVE-2021-41282 is a command injection vulnerability in pfSense's diag_routes.php that allows authenticated users to inject sed commands and write arbitrary files. This can lead to remote code executio...
This vulnerability allows authenticated attackers with 'WebCfg - Services: suricata package' permissions to perform directory traversal attacks in pfSense CE's suricata_ip_reputation.php file. By mani...
This stored XSS vulnerability in pfSense CE's Suricata package allows authenticated attackers with specific permissions to inject malicious scripts into the web interface. When other administrators vi...
This stored XSS vulnerability in pfSense CE's Suricata package allows authenticated attackers with specific permissions to inject malicious scripts into the web interface. When other administrators vi...
This vulnerability allows authenticated attackers with Snort package permissions to perform directory traversal attacks in pfSense CE's Snort IP reputation module. While file contents cannot be read, ...
This reflected cross-site scripting vulnerability in pfSense CE's Suricata interface allows attackers to inject malicious scripts that execute in authenticated users' browsers. The vulnerability affec...
This stored XSS vulnerability in pfSense CE allows authenticated attackers with 'WebCfg - Status: Traffic Totals' permissions to inject malicious scripts into the Status Traffic Totals page. When expl...
This vulnerability allows reflected cross-site scripting (XSS) attacks in pfSense CE's HAProxy statistics page. An attacker can inject malicious scripts via the showsticktablecontent parameter, which ...
This vulnerability in pfSense CE 2.8.0 allows users with the 'WebCfg - Diagnostics: Command' privilege to read arbitrary files through directory traversal in the diag_command.php dlPath parameter. It ...