Lucene search
K

878 matches found

CVE
CVE
added 2025/09/09 8:14 p.m.18 views

CVE-2025-34176

Summary of impact : CVE-2025-34176 affects pfSense CE with the Suricata package, where the iplist parameter in /suricata/suricata_ip_reputation.php is not sanitized against directory-traversal strings. This leads to a file existence check that reveals whether a file exists, enabling authenticated...

5.3CVSS6.2AI score0.14008EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/09 8:9 p.m.3 views

CVE-2025-34175 Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...

5.1CVSS5.8AI score0.14775EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 8:9 p.m.17 views

CVE-2025-34175

The CVE pertains to pfSense CE with Suricata package (suricata_filecheck.php). The vulnerability arises because the filehash parameter is output directly without HTML sanitization, enabling reflected XSS when a user is authenticated. Affected component: /usr/local/www/suricata/suricata_filecheck....

6.1CVSS5.8AI score0.14775EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/09/09 8:9 p.m.10 views

CVE-2025-34175 Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...

5.1CVSS0.14775EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:9 p.m.5 views

CVE-2025-34175 Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...

5.1CVSS5.8AI score0.14775EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/09 8:2 p.m.10 views

CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting

In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...

5.1CVSS0.09815EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 8:2 p.m.16 views

CVE-2025-34174

The CVE affects pfSense CE in the Status Traffic Totals feature: /usr/local/www/status_traffic_totals.php processes the start-day parameter. The parameter is not validated as numeric nor sanitized for HTML, allowing the value to be saved as the default display for all users, which triggers stored...

5.4CVSS5.5AI score0.09815EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/09 8:2 p.m.3 views

CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting

In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...

5.1CVSS5.7AI score0.09815EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 8:2 p.m.7 views

CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting

In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...

5.1CVSS5.4AI score0.09815EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/09 7:59 p.m.3 views

CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure

In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...

5.3CVSS6.3AI score0.00836EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 7:59 p.m.3 views

CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure

In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...

5.3CVSS6AI score0.00836EPSS
Exploits0References6
CVE
CVE
added 2025/09/09 7:59 p.m.15 views

CVE-2025-34173

Summary: CVE-2025-34173 affects pfSense CE Snort package (snort_ip_reputation.php). The iplist parameter is not sanitized against directory traversal when checking if a file exists, enabling an authenticated attacker (WebCfg - Snort) to determine whether files exist and enumerate files on the tar...

5.3CVSS6.2AI score0.00836EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/09/09 7:59 p.m.11 views

CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure

In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...

5.3CVSS0.00836EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 7:43 p.m.4 views

CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

4.8CVSS5.7AI score0.00963EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 7:43 p.m.2 views

CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

4.8CVSS5.8AI score0.00963EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/09 7:43 p.m.10 views

CVE-2025-34172 Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting

In pfSense CE /usr/local/www/haproxy/haproxystats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated...

4.8CVSS0.00963EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 7:43 p.m.15 views

CVE-2025-34172

CVE-2025-34172 affects pfSense CE (Netgate pfSense CE HAProxy package). The vulnerability exists in haproxy_stats.php where the value of the showsticktablecontent parameter is read from HTTP GET requests and then displayed, enabling reflected cross-site scripting when the victim is authenticated....

6.1CVSS5.8AI score0.00963EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.5 views

Netgate pfSense CE 安全漏洞

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the iplist parameter not cleaning up directory...

5.3CVSS6.6AI score0.00836EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36943

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /suricata/suricata ip reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg -...

5.3CVSS6AI score0.14008EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.5 views

Netgate pfSense CE 安全漏洞

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the policyname parameter not being cleaned of...

5.4CVSS5.8AI score0.00793EPSS
Exploits0References4
Rows per page
Query Builder