48 matches found
CVE-2026-30868
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies to POST/PUT/DELETE...
CVE-2026-30868 Cross-Site Request Forgery (CSRF) in opnsense/core
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies to POST/PUT/DELETE...
CVE-2026-30868
CVE-2026-30868 affects OPNsense (FreeBSD-based firewall) prior to 26.1.4. Several MVC API endpoints perform state-changing actions over HTTP GET without CSRF protection. The ApiControllerBase CSRF validation only covers POST/PUT/DELETE, allowing an authenticated user’s browser to trigger privileg...
PT-2026-24742
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies to POST/PUT/DELETE...
EUVD-2020-12488
Malware in sbrugna...
EUVD-2020-12489
Malware in sbrugna...
EUVD-2021-7537
Malicious code in bioql PyPI...
CVE-2025-6183 Configd Injection
The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...
CVE-2021-20075
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd...
CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2...
Deciso OPNsense Security Vulnerability
Deciso OPNsense is a FreeBSD-based open source firewall and routing software from the Dutch company Deciso. A security vulnerability exists in OPNsense versions prior to 23.7, which stems from a permission misconfiguration issue in configd.socket...
PT-2023-26731 · Opnsense · Opnsense Business Edition +1
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7; OPNsense Business Edition versions prior to 23.4.2. Description: The issue is related to insecure permissions for configd.socket. Recommendations: For OPNsense Community Edition versions prior ...
Exploit for CVE-2022-31749
CVE-2022-31749 by 1vere$k Simple PoC-checker for CVE-2022-3174...
Exploit for CVE-2022-31749
Hook Hook exploits a parameter injection vulnerability in the...
Design/Logic Flaw
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd...