
201 matches found

Vulnrichment
added 2025/06/28 12:0 a.m. · 2 views

CVE-2025-53392

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...

5 CVSS · 7.4 AI score · 0.00108 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/06/28 12:0 a.m. · 2 views

Netgate pfSense CE security vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE version 2.8.0, which stems from diagcommand.php dlPath director...

6.5 CVSS · 6.6 AI score · 0.00108 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/06/28 12:0 a.m. · 2 views

PT-2025-27330 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE version 2.8.0 Description: The issue arises from the "WebCfg - Diagnostics: Command" privilege, which improperly allows users to read arbitrary files on the system through a directory traversal attack targeting the diag...

5 CVSS · 7.5 AI score · 0.00108 EPSS
Exploits: 1 · References: 9

RedhatCVE
added 2025/05/23 4:19 a.m. · 8 views

CVE-2023-42325

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the statuslogsfilterdynamic.php page...

5.4 CVSS · 6.2 AI score · 0.48312 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 4:19 a.m. · 8 views

CVE-2023-42327

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page...

5.4 CVSS · 6.2 AI score · 0.48312 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 4:19 a.m. · 8 views

CVE-2023-42326

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfacesgifedit.php and interfacesgreedit.php components...

8.8 CVSS · 7.8 AI score · 0.85258 EPSS
Exploits: 2

RedhatCVE
added 2025/05/23 2:26 a.m. · 8 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

8.8 CVSS · 7.9 AI score · 0.79155 EPSS
Exploits: 4 · References: 1

RedhatCVE
added 2025/05/22 4:7 p.m. · 6 views

CVE-2020-19201

A Stored Cross-Site Scripting XSS vulnerability was found in statusfilterreload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr description...

5.4 CVSS · 4.9 AI score · 0.00795 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 3:19 p.m. · 6 views

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acmecertificates.php...

9.6 CVSS · 7.3 AI score · 0.02815 EPSS
Exploits: 0

RedhatCVE
added 2025/05/22 3:18 p.m. · 4 views

CVE-2020-21219

Cross Site Scripting XSS vulnerability in Netgate pfSense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to run arbitrary code via the RootFolder field to acmecertificateedit.php page of the ACME package...

6.1 CVSS · 6.3 AI score · 0.00617 EPSS
Exploits: 0

RedhatCVE
added 2025/05/16 12:57 a.m. · 9 views

CVE-2024-54779

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting XSS in widgets/log.widget.php...

5.4 CVSS · 6.1 AI score · 0.00049 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/16 12:57 a.m. · 11 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

8.8 CVSS · 7.5 AI score · 0.0574 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/16 12:57 a.m. · 12 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

5.4 CVSS · 6.5 AI score · 0.00155 EPSS
Exploits: 1 · References: 1

NVD
added 2025/05/14 2:15 p.m. · 6 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

8.8 CVSS · 0.0574 EPSS
Exploits: 1 · References: 2

NVD
added 2025/05/14 2:15 p.m. · 8 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

5.4 CVSS · 0.00155 EPSS
Exploits: 1 · References: 4

NVD
added 2025/05/14 2:15 p.m. · 10 views

CVE-2024-54779

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting XSS in widgets/log.widget.php...

5.4 CVSS · 0.00049 EPSS
Exploits: 1 · References: 3

OSV
added 2025/05/14 2:15 p.m. · 0 views

CVE-2024-54779

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting XSS in widgets/log.widget.php...

5.4 CVSS · 5.8 AI score
Exploits: 0 · References: 3

Positive Technologies
added 2025/05/14 12:0 a.m. · 4 views

PT-2025-21163 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...

5.4 CVSS · 8.8 AI score · 0.00155 EPSS
Exploits: 1 · References: 12

Vulnrichment
added 2025/05/14 12:0 a.m. · 6 views

CVE-2024-54779

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting XSS in widgets/log.widget.php...

5.3 AI score · 0.00049 EPSS
Exploits: 1 · References: 3

CVE
added 2025/05/14 12:0 a.m. · 81 views

CVE-2024-54779

CVE-2024-54779 affects Netgate pfSense CE and corresponding Plus builds before 2.8.0 beta, with a Cross Site Scripting (XSS) flaw in widgets/log.widget.php. Root cause: input handling in that widget allows injected script. Impact per sources is XSS risk; no exploitation details are provided in th...

5.4 CVSS · 6.1 AI score · 0.00049 EPSS
Exploits: 1 · References: 3 · Affected Software: 2