
22 matches found

CNNVD
added 2026/05/13 12:0 a.m. | 6 views

Deciso OPNsense Parameter Injection Vulnerability

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Deciso OPNsense prior to 26.1.7 contained a parameter injection vulnerability. This vulnerability stemmed from the XMLRPC method opnsense.restoreconfigsection, which failed to clean up the...

CVSS 9.1 | AI score 6.1 | EPSS 0.00686
Exploits: 1 | References: 2

CNNVD
added 2026/05/13 12:0 a.m. | 7 views

Deciso OPNsense Operating System Command Injection Vulnerability

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Deciso OPNsense prior to 26.1.8 contained an operating system command injection vulnerability. This vulnerability stemmed from the local user synchronization process, where attackers could...

CVSS 9.1 | AI score 6 | EPSS 0.06355
Exploits: 1 | References: 2

CNNVD
added 2026/05/13 12:0 a.m. | 6 views

Deciso OPNsense Parameter Injection Vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Versions of Deciso OPNsense prior to 26.1.8 had a parameter injection vulnerability. This vulnerability stemmed from unsanitized user input being passed into DHCP...

CVSS 9.1 | AI score 6.2 | EPSS 0.00531
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/22 1:28 a.m. | 7 views

CVE-2026-2035

Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

CVSS 6.8 | AI score 6.5 | EPSS 0.01535
Exploits: 0 | References: 1

CVE
added 2026/02/20 10:13 p.m. | 20 views

CVE-2026-2035

The CVE-2026-2035 entry concerns Deciso OPNsense, specifically the diag_backup.php file. The flaw stems from insufficient validation of a user-supplied string before it is used in a system call, enabling a network-adjacent attacker to achieve remote code execution with root privileges. Exploitati...

CVSS 6.8 | AI score 7.3 | EPSS 0.01535
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/20 10:13 p.m. | 4 views

CVE-2026-2035

Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

CVSS 6.8 | AI score 6.5 | EPSS 0.01535
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/02/15 12:0 a.m. | 4 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient parameter validation in the diag_backup.php endpoint,...

CVSS 5.4 | AI score 5.9 | EPSS 0.00132
Exploits: 1 | References: 4

CNNVD
added 2026/02/15 12:0 a.m. | 4 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient parameter validation in the interfacesvlanedit.php...

CVSS 6.1 | AI score 5.7 | EPSS 0.00232
Exploits: 1 | References: 4

CNNVD
added 2026/02/15 12:0 a.m. | 7 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Deciso OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the mailserver parameter in the monit interface, which ma...

CVSS 6.1 | AI score 6 | EPSS 0.0036
Exploits: 1 | References: 4

RedhatCVE
added 2025/12/24 10:29 p.m. | 4 views

CVE-2025-13698

Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...

CVSS 4.5 | AI score 4.8 | EPSS 0.00461
Exploits: 0 | References: 1

CVE
added 2025/12/23 9:40 p.m. | 8 views

CVE-2025-13698

Deciso OPNsense diag_backup.php is affected by a directory traversal vulnerability in the backup handling path validation. Authenticated, network-adjacent attackers can create arbitrary files (in root context) by supplying a crafted path. The issue is tied to lack of proper validation in backup c...

CVSS 4.5 | AI score 4.7 | EPSS 0.00461
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/23 9:40 p.m. | 4 views

CVE-2025-13698 Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability

Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...

CVSS 4.5 | AI score 6.2 | EPSS 0.00461
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/01 5:1 p.m. | 2 views

CVE-2025-34182 Deciso OPNsense < 25.7.4 /interfaces_ppps_edit.php ptpid Stored XSS

In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page /interfaces_assign.php, which can result in stored cross-site...

CVSS 5.1 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 2

CVE
added 2025/10/01 5:1 p.m. | 9 views

CVE-2025-34182

Deciso OPNsense before 25.7.4 is affected by a stored XSS vulnerability in the ptpid parameter used when creating Interfaces: Devices: Point-to-Point entries. The value isn’t sanitized of HTML-related characters/strings and is echoed on interfaces_assign.php, enabling stored XSS. An attacker must...

CVSS 5.1 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 2

CNNVD
added 2025/10/01 12:0 a.m. | 4 views

Deciso OPNsense Security Vulnerability

Deciso OPNsense is a firewall and router operating system from the Dutch company Deciso. A security vulnerability exists in Deciso OPNsense versions prior to 25.7.4 that stems from not cleaning up HTML-related characters in the ptpid parameter, which could lead to a stored cross-site scripting...

CVSS 5.1 | AI score 5.8 | EPSS 0.00299
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/01 12:0 a.m. | 2 views

PT-2025-40279

Name of the Vulnerable Software and Affected Versions: Deciso OPNsense versions prior to 25.7.4. Description: OPNsense versions prior to 25.7.4 are susceptible to a stored cross-site scripting issue. This occurs when creating an "Interfaces: Devices: Point-to-Point" entry, where the ptpid parameter i...

CVSS 5.1 | AI score 5.6 | EPSS 0.00299
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 3:31 a.m. | 6 views

CVE-2023-27152

DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication...

CVSS 9.8 | AI score 6.9 | EPSS 0.00889
Exploits: 1 | References: 1

ATTACKERKB
added 2023/10/23 9:15 p.m. | 2 views

CVE-2023-27152

DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication...

CVSS 9.8 | AI score 7.2 | EPSS 0.00889
Exploits: 1 | References: 2

OSV
added 2023/10/23 9:15 p.m. | 20 views

CVE-2023-27152

DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication...

CVSS 9.8 | AI score 7.1 | EPSS 0.00889
Exploits: 1 | References: 1

CNNVD
added 2023/09/28 12:0 a.m. | 4 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. A cross-site scripting vulnerability exists in OPNsense versions prior to 23.7.5. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

CVSS 5.4 | AI score 6 | EPSS 0.00501
Exploits: 1 | References: 4